GitLab 4ÔÂÔ¶³Ì´úÂëÖ´ÐÐÎó²î

Ðû²¼Ê±¼ä 2021-04-15

0x00 Îó²î¸ÅÊö

CVE  ID


ʱ   ¼ä

2021-04-15

Àà   ÐÍ

RCE

µÈ    ¼¶

ÑÏÖØ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ


 

0x01 Îó²îÏêÇé

image.png

 

GitLabÊÇÒ»¸öÓÃÓÚ¿ÍÕ»ÖÎÀíϵͳµÄ¿ªÔ´ÏîÄ¿£¬£¬£¬ÆäʹÓÃGit×÷Ϊ´úÂëÖÎÀí¹¤¾ß£¬£¬£¬¿Éͨ¹ýWeb½çÃæ»á¼û¹ûÕæ»ò˽ÈËÏîÄ¿¡£¡£¡£¡£¡£¡£

2021Äê04ÔÂ14ÈÕ£¬£¬£¬GitlabÐû²¼Ç徲ͨ¸æ£¬£¬£¬¹ûÕæÁËGitLabÉçÇø°æ£¨CE£©ºÍÆóÒµ°æ£¨EE£©ÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¬£¬£¬ÆäCVSSÆÀ·ÖΪ9.9¡£¡£¡£¡£¡£¡£¸ÃÎó²îÊÇÓÉÓÚGitLabûÓÐ׼ȷÑé֤ת´ïµ½ÎļþÆÊÎöÆ÷µÄimageÎļþ¶øµ¼ÖµÄÔ¶³ÌÏÂÁîÖ´ÐС£¡£¡£¡£¡£¡£

 

 

Ó°Ïì¹æÄ£

Gitlab CE/EE < 13.8.8

Gitlab CE/EE < 13.9.6

Gitlab CE/EE < 13.10.3

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ¹Ù·½ÒÑÐÞ¸´ÁË´ËÎó²î£¬£¬£¬½¨ÒéÉý¼¶ÖÁÒÔÏ°汾£º

Gitlab CE/EE 13.8.8

Gitlab CE/EE 13.9.6

Gitlab CE/EE 13.10.3

ÏÂÔØÁ´½Ó£º

https://about.gitlab.com/update/

 

0x03 ²Î¿¼Á´½Ó

https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/

https://about.gitlab.com/update/

 

0x04 ʱ¼äÏß

2021-04-14  GitLabÐû²¼Ç徲ͨ¸æ

2021-04-15  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png