Vulnerability in GitLab allowing access to Runner tokens

Corrective updates 14.8.2, 14.7.4, and 14.6.5 for the GitLab collaborative development platform resolve a critical vulnerability (CVE-2022-0735) that could allow an unauthorized user to extract registration tokens for GitLab Runner, which is used to organize the invocation of handlers when building project code in a continuous integration system. Details have not been provided yet; it is only mentioned that the problem is caused by an information leak when using Quick Actions commands.

The issue was identified by GitLab staff and affects versions 12.10 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Users maintaining their own GitLab installations are encouraged to install an update or apply a patch as soon as possible. The issue was addressed by restricting access to Quick Actions commands to users with write permission. After an update or the individual “token-prefix” patches are installed, the registration tokens previously created for groups and projects in the Runner will be reset and regenerated.

In addition to the critical vulnerability, the new versions also fix 6 less dangerous vulnerabilities, which can lead to an unprivileged user adding other users to groups, users being misled through manipulation of the contents of Snippets, leakage of environment variables through the sendmail delivery method, detection of the presence of users through the GraphQL API, password leaks when mirroring repositories via SSH in pull mode, and a DoS attack through the comment submission system.

Source: opennet.ru
