CSRF and denial-of-service vulnerabilities extinguished
GitLab has resolved a raft of vulnerabilities – including two high-impact web security flaws – with an update to its software development platform.
A second high severity vulnerability meant that the GitLab Webhook feature could be abused to perform denial-of-service (DoS) attacks.
GitLab bug bounty
The DoS vulnerability was discovered by researcher ‘afewgoats’ and disclosed through a GitLab bug bounty program run by HackerOne.
CVE identifiers have been requested for both high-impact vulnerabilities, but none had been assigned at the time of writing.
Ethical hacker ‘afewgoats’ told The Daily Swig that they've been working on a way to attack services that offer webhooks.
"The webhook connections usually have timeouts set, but my badly-behaving webserver can bypass them and keep the connection open for days," afewgoats explained. "It's only Denial of Service, but it could tie up huge amounts of memory on the victim servers."
"So far it's been successful against PHP, Ruby and Java targets," they added.
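The weakness afewgoats describes is a per-read timeout: a receiving server that sends a byte just before each read timeout expires keeps the delivering worker busy indefinitely. The defensive fix is to budget the whole delivery, connect through last byte, under one wall-clock deadline and to cap the response size. The following Python is an added example written for this article; it is not GitLab code and not the researcher's tooling. `deliver_webhook` enforces such a deadline over a raw socket, and the two local handlers are constructed test fixtures (a well-behaved receiver and a stalling one) so the behaviour can be checked offline.

```python
import socket
import threading
import time


class WebhookDeliveryError(Exception):
    """Raised when a delivery exceeds its wall-clock budget or response size cap."""


def deliver_webhook(host, port, path, body, total_deadline=5.0, max_response_bytes=64 * 1024):
    """POST `body` to host:port/path and read the reply under ONE total deadline.

    The remaining budget is recomputed before every blocking call, so a peer
    that trickles bytes cannot keep this connection open longer than
    `total_deadline` seconds, whatever the per-read timeout would have allowed.
    """
    deadline = time.monotonic() + total_deadline

    def remaining():
        left = deadline - time.monotonic()
        if left <= 0:
            raise WebhookDeliveryError("deadline exceeded")
        return left

    request = (
        f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
        "Content-Type: application/json\r\n"
        f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n"
    ).encode() + body

    sock = None
    chunks, received = [], 0
    try:
        sock = socket.create_connection((host, port), timeout=remaining())
        sock.settimeout(remaining())
        sock.sendall(request)
        while True:
            sock.settimeout(remaining())   # re-arm with what is left of the budget
            chunk = sock.recv(4096)
            if not chunk:                  # peer closed: response complete
                break
            received += len(chunk)
            if received > max_response_bytes:
                raise WebhookDeliveryError("response too large")
            chunks.append(chunk)
    except socket.timeout:
        raise WebhookDeliveryError("deadline exceeded")
    finally:
        if sock is not None:
            sock.close()

    status_line = b"".join(chunks).split(b"\r\n", 1)[0]
    return int(status_line.split()[1])


# ---- constructed local fixtures for the demonstration (not real endpoints) ----

def start_test_server(handler):
    """Serve one connection on an ephemeral localhost port in a daemon thread."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            handler(conn)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def prompt_handler(conn):
    """Well-behaved receiver: reads the request and answers immediately."""
    conn.recv(4096)
    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")


def stalling_handler(conn):
    """Receiver that never finishes: headers, then one byte every 0.3 s."""
    conn.recv(4096)
    conn.sendall(b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n")
    try:
        while True:
            time.sleep(0.3)
            conn.sendall(b".")
    except OSError:       # client gave up and closed; fixture is done
        pass


def demo():
    """Return (status from the prompt receiver, outcome and elapsed seconds for the stalling one)."""
    payload = b'{"event": "push"}'
    status = deliver_webhook("127.0.0.1", start_test_server(prompt_handler), "/hook", payload, 2.0)
    slow_port = start_test_server(stalling_handler)
    started = time.monotonic()
    try:
        deliver_webhook("127.0.0.1", slow_port, "/hook", payload, total_deadline=1.0)
        outcome = "completed"
    except WebhookDeliveryError as exc:
        outcome = str(exc)
    return status, outcome, time.monotonic() - started


if __name__ == "__main__":
    print(demo())
```

The stalling receiver sends a byte every 0.3 s, comfortably inside any per-read timeout of a second or more, yet `deliver_webhook` abandons it after about one second of wall-clock time because the budget is checked before every read. In production the same idea applies whatever HTTP client is used: run each delivery under a total deadline, bound the response body, and put a ceiling on the number of concurrent outbound deliveries so that stalled connections cannot exhaust worker memory.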
The CSRF and DoS issues – as well as an array of lesser flaws – can be resolved by updating installations to the most recent version of GitLab.
The platform update also tackles 15 medium severity and two low-impact flaws, as explained in a security alert from GitLab.
This story has been updated to add comment from ethical hacker ‘afewgoats’