CSRF and denial-of-service vulnerabilities extinguished
GitLab has resolved a raft of vulnerabilities – including two high-impact web security flaws – with an update to its software development platform.
A cross-site request forgery (CSRF) vulnerability in GitLab’s GraphQL API created a means for an attacker to call mutations while posing as their victim.
A second high severity vulnerability meant that the GitLab Webhook feature could be abused to perform denial-of-service (DoS) attacks.
GitLab bug bounty
The DoS vulnerability was discovered by researcher ‘afewgoats’ and disclosed through a GitLab bug bounty program run by HackerOne.
CVE trackers have been requested for both high impact vulnerabilities, but identifiers are yet to be assigned.
Ethical hacker ‘afewgoats’ told The Daily Swig that they've been working on a way to attack services that offer webhooks.
"The webhook connections usually have timeouts set, but my badly-behaving webserver can bypass them and keep the connection open for days," afewgoats explained. "It's only Denial of Service, but it could tie up huge amounts of memory on the victim servers."
"So far it's been successful against PHP, Ruby and Java targets," they added.
Read more of the latest security vulnerability news
The CRSF and DoS issues – as well as an array of lesser flaws – can be resolved by updating installations to the most recent version of GitLab.
The platform update also tackles 15 medium severity and two low-impact flaws, as explained in a security alert from GitLab.
These additional flaws include a clipboard DOM-based cross-site scripting (XSS) issue, a reflected XSS in release edit pages, and a stored XSS on audit log issue, among other flaws.
This story has been updated to add comment from ethical hacker ‘afewgoats’
YOU MAY ALSO LIKE Researchers accidentally release exploit code for new Windows ‘zero-day’ bug PrintNightmare