A vulnerability in GitLab that allows account takeover and command execution as another user

Corrective updates have been published for the collaborative development platform GitLab: versions 16.7.2, 16.6.4 and 16.5.6, which fix two critical vulnerabilities. The first vulnerability (CVE-2023-7028), which was assigned the maximum severity level (10 out of 10), allows taking over another user's account through the forgotten-password recovery form. The vulnerability stems from the possibility of sending the email containing the password reset code to unverified email addresses. The problem has been present since the release of GitLab 16.1.0, which introduced the ability to send the password recovery code to an unverified email address.

To check whether a system has been compromised, it is recommended to look in the gitlab-rails/production_json.log log for HTTP requests to /users/password in which the params.value.email parameter contains a list of several email addresses. It is also recommended to check the entries in the gitlab-rails/audit_json.log log that have the value PasswordsController#create in meta.caller.id and show a list of several addresses in target_details. The attack cannot be completed if the user has enabled two-factor authentication.
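As an added example (not from the original article or from GitLab), the following Python checker applies the two indicators above to constructed sample log lines; the exact nesting of `params` and the audit-log key names are assumptions, so adapt them to the log format of your instance.

```python
import json

# Constructed sample lines (not real GitLab logs), modelled on the two files the
# advisory tells administrators to inspect. Field nesting is an assumption.
PRODUCTION_JSON_LOG = """\
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":"alice@example.com"}}],"remote_ip":"203.0.113.5"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["alice@example.com","other@example.net"]}}],"remote_ip":"198.51.100.7"}
{"method":"GET","path":"/users/sign_in","params":[],"remote_ip":"203.0.113.5"}
"""

AUDIT_JSON_LOG = """\
{"meta.caller.id":"PasswordsController#create","target_details":"alice@example.com","ip_address":"203.0.113.5"}
{"meta.caller.id":"PasswordsController#create","target_details":["alice@example.com","other@example.net"],"ip_address":"198.51.100.7"}
{"meta.caller.id":"SessionsController#create","target_details":"alice@example.com","ip_address":"203.0.113.5"}
"""


def _entries(log_text):
    """Yield parsed JSON objects, skipping blank or malformed lines."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def _is_multi_email(value):
    """A field that should hold a single address holds a list of several."""
    return isinstance(value, list) and len(value) > 1


def suspicious_reset_requests(log_text):
    """production_json.log entries that sent several emails to /users/password."""
    hits = []
    for entry in _entries(log_text):
        if entry.get("path") != "/users/password":
            continue
        for param in entry.get("params", []):
            value = param.get("value")
            if isinstance(value, dict) and _is_multi_email(value.get("email")):
                hits.append(entry)
                break
    return hits


def suspicious_audit_events(log_text):
    """audit_json.log entries for PasswordsController#create with several target emails."""
    hits = []
    for entry in _entries(log_text):
        # Key name assumed; some versions log it as "meta.caller_id" instead.
        caller = entry.get("meta.caller.id") or entry.get("meta.caller_id")
        if caller == "PasswordsController#create" and _is_multi_email(entry.get("target_details")):
            hits.append(entry)
    return hits
```

A hit in either function is an indicator, not proof of compromise: correlate the source IP and timestamp with the affected user's activity before acting.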

The second vulnerability, CVE-2023-5356, is in the code for integration with the Slack and Mattermost services and allows executing /-commands as another user because of a missing authorization check. The issue was assigned a severity level of 9.6 out of 10. The new versions also eliminate a less dangerous vulnerability (7.6 out of 10), CVE-2023-4812, which allows bypassing CODEOWNERS approval by adding changes to a previously approved merge request.

Full details of the identified vulnerabilities are planned to be disclosed 30 days after the publication of the fix. Information about the vulnerabilities was submitted to GitLab as part of the HackerOne bug bounty program.

source: budenet.ru
