One Article Review

Home - The article:
Source Techworm
Identifier 8438650
Publication date 2024-01-13 21:06:02 (viewed: 2024-01-13 16:09:42)
Title GitLab releases security updates to fix account hijacking
GitLab Releases Security Updates To Fix Account Hijacking Flaw
Text GitLab, a web-based Git repository manager, on Thursday released versions 16.7.2, 16.6.4, and 16.5.6 of GitLab Community Edition (CE) and Enterprise Edition (EE) to address two critical vulnerabilities, one of which allows account hijacking by resetting passwords without requiring any user interaction.

The first critical vulnerability, tracked as CVE-2023-7028, has been awarded the maximum severity score (10 out of 10) on the CVSS scoring system. This issue affects GitLab self-managed instances running GitLab CE/EE versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2, in which attackers can effortlessly hijack accounts of any privilege level by having the account's password reset emails sent to an unverified email address.

Security researcher 'Asterion' discovered and reported the vulnerability to GitLab via the HackerOne bug bounty platform. It first appeared in the May 1, 2023 release of GitLab version 16.1.0.

“The vulnerability was introduced in 16.1.0 on May 1, 2023,” GitLab security engineer Greg Myers wrote in a GitLab security release, after a change was made to allow users to reset their password through a secondary email address. “The vulnerability is a result of a bug in the email verification process.”

While users who have two-factor authentication (2FA) enabled are vulnerable to password reset, they are not susceptible to account takeover, as their second authentication factor is required for a successful login.

GitLab said it has fixed the security issue in GitLab versions 16.7.2, 16.5.6, and 16.6.4, and the fix has also been backported to GitLab versions 16.1.6, 16.2.9, and 16.3.7. “Within these versions, all authentication mechanisms are impacted. Additionally, users who have two-factor authentication enabled are vulnerable to password reset but not account takeover as their second authentication factor is required to login,” Myers added.

While the vulnerability was resolved with the latest security release, the vendor strongly recommends that admins of self-managed GitLab instances update all vulnerable versions to a patched version immediately. It also advises users to enable 2FA for all GitLab accounts, especially administrator accounts.

GitLab says it has not detected any abuse of CVE-2023-7028 on platforms managed by GitLab, including GitLab.com and GitLab Dedicated instances, but shared the following signs of compromise for defenders:
Check gitlab-rails/production_json.log for HTTP requests to the /users/password path with params.value.email consisting of a JSON array with multiple email addresses.
Check gitlab-rails/audit_json.log for entries with meta.caller.id of PasswordsController#create and target_details consisting of a JSON array with multiple email addresses.

GitLab also patched the second critical vulnerability, identified as CVE-2023-5356 (CVSS score of 9.6 out of 10), as part of the latest update; it allows an attacker to abuse Slack/Mattermost integrations to execute slash commands as another user. There are incorrect authorization
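The two log checks GitLab lists above, turned into a small scanner as an added example; this is not code from the Techworm article or from GitLab itself. It assumes GitLab's production_json.log records request parameters as a params array of {"key": ..., "value": ...} objects, with the reset form's address nested under the user key, and it accepts the caller id either as the dotted meta.caller.id named in the article or as a flattened meta.caller_id key (both layouts are assumptions). The log lines are constructed, not real GitLab output.

```python
"""Scan GitLab log lines for the two CVE-2023-7028 indicators from the advisory."""
import json

PASSWORD_RESET_PATH = "/users/password"
PASSWORD_CONTROLLER_CREATE = "PasswordsController#create"


def _multi_address_array(value):
    """True when value is a JSON array (or a JSON-encoded array string) holding
    more than one entry; a single string address is the normal, benign shape."""
    if isinstance(value, str):
        try:
            value = json.loads(value)
        except ValueError:
            return False
    return isinstance(value, list) and len(value) > 1


def _email_param_values(params):
    """Collect every 'email' value from the params array (assumed layout:
    [{"key": ..., "value": ...}, ...]); nested hashes such as the reset form's
    'user' parameter are walked one level deep."""
    values = []
    for entry in params if isinstance(params, list) else []:
        if not isinstance(entry, dict):
            continue
        key, value = entry.get("key"), entry.get("value")
        if key == "email":
            values.append(value)
        elif isinstance(value, dict) and "email" in value:
            values.append(value["email"])
    return values


def _caller_id(record):
    """Read the caller id from a flattened key (assumed variants) or from a
    nested meta.caller.id object, whichever the log line uses."""
    for flat in ("meta.caller.id", "meta.caller_id"):
        if flat in record:
            return record[flat]
    meta = record.get("meta")
    if isinstance(meta, dict) and isinstance(meta.get("caller"), dict):
        return meta["caller"].get("id")
    return None


def production_entry_suspicious(record):
    """Indicator 1: a /users/password request whose email param is an array."""
    if record.get("path") != PASSWORD_RESET_PATH:
        return False
    return any(_multi_address_array(v) for v in _email_param_values(record.get("params")))


def audit_entry_suspicious(record):
    """Indicator 2: PasswordsController#create with an array of target addresses."""
    if _caller_id(record) != PASSWORD_CONTROLLER_CREATE:
        return False
    return _multi_address_array(record.get("target_details"))


def scan(lines, checker):
    """Run one checker over raw JSON log lines and return the 0-based indices of
    matching lines; lines that are not valid JSON objects are skipped."""
    hits = []
    for i, line in enumerate(lines):
        try:
            record = json.loads(line)
        except ValueError:
            continue
        if isinstance(record, dict) and checker(record):
            hits.append(i)
    return hits


# Constructed sample lines (not real GitLab output): a benign single-address
# reset, the multi-address shape from the advisory, and an unrelated request.
PRODUCTION_SAMPLE = [
    '{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":"alice@example.com"}}]}',
    '{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["alice@example.com","other@example.net"]}}]}',
    '{"method":"GET","path":"/users/sign_in","params":[]}',
]
AUDIT_SAMPLE = [
    '{"meta.caller_id":"PasswordsController#create","target_details":"[\\"alice@example.com\\", \\"other@example.net\\"]"}',
    '{"meta.caller_id":"PasswordsController#create","target_details":"alice@example.com"}',
    '{"meta.caller_id":"SessionsController#create","target_details":"alice@example.com"}',
]

if __name__ == "__main__":
    print("production_json.log hits:", scan(PRODUCTION_SAMPLE, production_entry_suspicious))
    print("audit_json.log hits:", scan(AUDIT_SAMPLE, audit_entry_suspicious))
```

Point scan() at the real files by reading them line by line (for example, `scan(open(path), production_entry_suspicious)`); a single string address in either log is the expected shape, so only array-valued entries with more than one address are flagged, which keeps ordinary resets out of the results.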
Sent Yes
Tags Vulnerability
Stories
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.