ArchLinux: 201810-16: gitlab: multiple issues
Summary
- CVE-2018-18640 (information disclosure)
A security issue has been found in gitlab versions prior to 11.4.3,
where private project pages had inadequate cache control, which
resulted in unauthorized users being able to view them in the browser.
- CVE-2018-18641 (information disclosure)
A security issue has been found in gitlab versions prior to 11.4.3,
where personal access tokens were being stored unencrypted as plain
text in the database, which could result in attackers potentially
reading them via SQL injection or other database leaks.
- CVE-2018-18643 (cross-site scripting)
A security issue has been found in gitlab versions prior to 11.4.3,
where the fragment identifier (hash) of several pages lacked input
validation and output encoding, which resulted in a persistent XSS.
- CVE-2018-18645 (information disclosure)
A security issue has been found in gitlab versions prior to 11.4.3,
where, when replying to an issue through email with the GitLab email
footer included, a user's unsubscribe link would be included in the
issue. This information is considered sensitive.
- CVE-2018-18646 (cross-site request forgery)
A security issue has been found in gitlab versions prior to 11.4.3,
where the Hipchat integration was vulnerable to an SSRF issue which
allowed an attacker to make requests to any local network resource
accessible from the GitLab server.
- CVE-2018-18648 (information disclosure)
A security issue has been found in gitlab versions prior to 11.4.3,
where a JSON endpoint was disclosing Gem version information which
could result in an attacker discovering vulnerable Gems available on a
specific GitLab instance.
- CVE-2018-18649 (arbitrary code execution)
A security issue has been found in gitlab versions prior to 11.4.3,
where the wiki API contained an input validation issue which resulted
in remote code execution.
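The first issue above (CVE-2018-18640) is a missing or weak Cache-Control policy on private project pages. The check below is an added example, not GitLab's code or part of this advisory: it inspects the response headers of a page known to carry authenticated content and reports caching directives that would let a shared or persistent browser cache keep a copy. The sample header sets are constructed; the directive names are the standard HTTP ones.

```python
"""Report caching problems in the headers of a response that serves
private (authenticated) content.  Added example, not GitLab code."""

from typing import Dict, List, Mapping


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split a Cache-Control header into {directive: value} (value may be '')."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip()
    return directives


def cache_control_findings(headers: Mapping[str, str]) -> List[str]:
    """Return a list of problems with the caching headers of a private page.

    An empty list means the response is acceptably non-cacheable:
    it carries 'no-store' and is not marked 'public'.
    """
    # Header names are case-insensitive, so normalise once.
    lower = {k.lower(): v for k, v in headers.items()}
    directives = parse_cache_control(lower.get("cache-control", ""))
    findings: List[str] = []

    if not directives:
        # No policy at all: browsers and intermediaries apply heuristics.
        findings.append("missing Cache-Control header")
        return findings

    if "public" in directives:
        findings.append("Cache-Control marks the response public")

    if "no-store" not in directives:
        findings.append("Cache-Control lacks no-store")
        max_age = directives.get("max-age")
        if max_age is not None and max_age.isdigit() and int(max_age) > 0:
            findings.append(f"response may be cached for {max_age}s")
        if "private" not in directives:
            findings.append("Cache-Control lacks private")

    return findings


# Constructed samples: a hardened response and two weak ones.
SAMPLE_RESPONSES = {
    "hardened": {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "no-store, no-cache, private, max-age=0, must-revalidate",
    },
    "publicly_cacheable": {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "public, max-age=600",
    },
    "no_policy": {
        "Content-Type": "text/html; charset=utf-8",
    },
}


def check_samples() -> Dict[str, List[str]]:
    """Run the check over every constructed sample."""
    return {name: cache_control_findings(h) for name, h in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, findings in check_samples().items():
        status = "ok" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

The same function can be pointed at a live response by passing `resp.headers` from `urllib.request` or `http.client` for an authenticated request to a private project page; the point of the check is that a private page must be `no-store` (and never `public`) so that a later user of the same browser cannot pull it out of the cache.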
Resolution
Upgrade to 11.4.3-1.
# pacman -Syu "gitlab>=11.4.3-1"
The problems have been fixed upstream in version 11.4.3.
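To confirm that a host is on or past the fixed package, the version reported by `pacman -Q gitlab` has to be compared against `11.4.3-1` as a pkgver-pkgrel pair rather than as a string. The following is an added example, not part of this advisory or of Arch's tooling: it parses a `pacman -Q` line and does a simplified numeric comparison. It assumes purely numeric dotted versions (which holds for gitlab releases); Arch's own `vercmp` handles alphanumeric segments as well, so use that tool for the general case.

```python
"""Decide whether an installed gitlab package is below the fixed version
named in this advisory.  Added example; not Arch or GitLab code."""

from typing import Tuple

# Fixed package version from the advisory's Resolution section.
FIXED_VERSION = "11.4.3-1"

Parsed = Tuple[int, Tuple[int, ...], int]  # (epoch, pkgver parts, pkgrel)


def parse_pkgversion(version: str) -> Parsed:
    """Parse 'epoch:pkgver-pkgrel' (epoch optional) into a comparable tuple.

    Assumption: pkgver is numeric dotted (e.g. '11.4.2'); anything else
    raises ValueError so that a non-numeric version is never silently
    judged safe.
    """
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    pkgver, _, pkgrel = version.partition("-")
    parts = tuple(int(p) for p in pkgver.split("."))
    # A missing pkgrel is treated as 0 (lower than any real release).
    rel = int(pkgrel) if pkgrel else 0
    return (epoch, parts, rel)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed package version is older than the fix."""
    # Tuple comparison orders epoch, then each pkgver component, then
    # pkgrel; a shorter pkgver (11.4) sorts below a longer one (11.4.3).
    return parse_pkgversion(installed) < parse_pkgversion(fixed)


def version_from_pacman_q(line: str) -> str:
    """Extract the version from a 'pacman -Q gitlab' output line
    such as 'gitlab 11.4.2-1' (constructed sample format)."""
    name, version = line.split()
    if name != "gitlab":
        raise ValueError(f"unexpected package name: {name}")
    return version


if __name__ == "__main__":
    # Constructed sample of what `pacman -Q gitlab` prints on an old host.
    sample_line = "gitlab 11.4.2-1"
    v = version_from_pacman_q(sample_line)
    print(f"{v}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
```

On a real host, replace the constructed sample with the output of `pacman -Q gitlab` (for example via `subprocess.run(["pacman", "-Q", "gitlab"], capture_output=True, text=True).stdout`).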
References
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/5e125b0f84ad768d7ff19905d03820f561c21f98
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/daed01a5ca348e7d267b50e325bf58185617a0ad
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/5342df04045e1c8a98fdb9fe8203a816bf240ac8
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/82c12bd8bf9e0ea9e8df3bbcad91c27fccc709e8
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/f17e36feab266a62b316bfe88d7d558c2debaf9b
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/b9b68fe7d30778338625fb606457eb1886a17f08
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/e05636e2794d975876958c3781b66de2991d89d2
https://security.archlinux.org/CVE-2018-18640
https://security.archlinux.org/CVE-2018-18641
https://security.archlinux.org/CVE-2018-18643
https://security.archlinux.org/CVE-2018-18645
https://security.archlinux.org/CVE-2018-18646
https://security.archlinux.org/CVE-2018-18648
https://security.archlinux.org/CVE-2018-18649
Workaround
None.