GitLab fixes a vulnerability that allowed access to Runner
A few days ago, it became known that GitLab was affected by a vulnerability. The company itself published this information on its blog, with a brief explanation of what it was about.
The vulnerability was listed as medium severity and affected all GitLab versions from 13 to 14.8. The company's security team has reported that this has been resolved and had no impact on security.
What was this vulnerability about?
The vulnerability, known as CVE-2021-4191, was discovered by Jake Baines, a security expert at Rapid7. This bug allowed a user without the appropriate privileges to extract tokens from GitLab Runner.
Runner is the tool that coordinates the executors needed to build a continuous integration system. The vulnerability is the result of missing authentication in the GitLab GraphQL API.
Anyone who accessed the API in this way could get hold of usernames, email addresses and other personal information. In fact, GitLab has said that this information would have been accessible from around 50,000 GitLab instances.
Although the bug seems quite serious, the company has stated that the vulnerability was not exploited. Platform users can therefore rest assured that their personal information is secure.
GitLab asks users to update their versions
The new update has just been released, so many users have not updated yet. There are even people who have stayed on previous versions for personal reasons.
GitLab has encouraged its users to update to this new version, which fixes this and other important issues. If you do not want to update, or cannot do so at the moment, the company has also provided a patch.
Once the update has been installed, the registration tokens you previously created in Runner will be reset. Don't worry: they are regenerated automatically, so you will not have to generate them again.
Other bugs that were fixed in this new version
Additionally, the release notes of the new version specify that another 6 minor vulnerabilities have been corrected. The full list of patched vulnerabilities is as follows:
Snippet Tampering: One of the fixed vulnerabilities allowed a person to edit Snippets, which caused unaware users to end up executing arbitrary commands.
DoS attack through comments: Since version 8.15 there was a vulnerability that made it possible for users to carry out a DoS attack through the comments system. To do this, the person had to execute a mathematical function (which was not specified) to start an infinite loop.
GraphQL API vulnerability: A bug in the GraphQL API allowed access to unauthenticated users, so anyone who performed specific steps could gain access to the API.
Leakage of variables in “sendmail”: According to GitLab, a user was able to steal environment variables via an email address. The attack went through the “sendmail” function, which did not validate its inputs correctly.
Add users without having privileges: A small bug in the code allowed users (under certain conditions) to add members to a group without having the proper privileges. This was achieved through the GitLab REST API.
Password leaks when mirroring repositories: In some cases, when a user cloned a repository via SSH it could lead to a password leak. That is, the user not only received the repository, but also gained access to the passwords.
These were all the vulnerabilities that the company fixed in this new version of GitLab. They were all fairly isolated issues, but they could have caused problems if left unfixed.