A second critical vulnerability has been disclosed in GitLab in less than a week

GitLab

GitLab is dealing with its second security issue in less than a week

In less than a week the GitLab developers have had to get back to work. A few days ago, patch releases 15.3.1, 15.2.3 and 15.1.5 of the GitLab collaborative development platform were published, resolving a critical vulnerability.

Tracked as CVE-2022-2884, this vulnerability could allow an authenticated user with access to the GitHub Import API to run malicious code on the server. Full details of how it is exploited have not yet been released. The vulnerability was discovered by a security researcher as part of the HackerOne bug bounty program.

As a workaround, administrators are advised to disable importing from GitHub (in the GitLab web interface: "Menu" -> "Admin" -> "Settings" -> "General" -> "Visibility and access controls" -> "Import sources" -> uncheck "GitHub").

Then, less than a week later, GitLab published the next series of patch releases for its collaborative development platform: 15.3.2, 15.2.4 and 15.1.6, which fix a second critical vulnerability.

Tracked as CVE-2022-2992, this vulnerability allows an authenticated user to execute code remotely on the server. Like CVE-2022-2884, fixed a week earlier, it is a new issue in the API for importing data from the GitHub service. The vulnerability is present, among other releases, in 15.3.1, 15.2.3 and 15.1.5, the very releases that fixed the first flaw in the GitHub import code.

Full details of how it is exploited have not yet been released. The vulnerability was submitted to GitLab through the HackerOne bug bounty program, but, unlike the previous issue, it was discovered by a GitLab contributor.

The workaround is the same: administrators are advised to disable importing from GitHub (in the GitLab web interface: "Menu" -> "Admin" -> "Settings" -> "General" -> "Visibility and access controls" -> "Import sources" -> uncheck "GitHub"). This only blocks the vulnerable import path; upgrading to 15.3.2, 15.2.4 or 15.1.6 is still required.
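The workaround above is described for the web UI. The following is an added example, not code from GitLab or from this article, that does the same check and mitigation against the REST API so it can be scripted across many self-managed instances. It encodes only the fixed versions named in this advisory (15.1.6, 15.2.4, 15.3.2; older branches are treated as unpatched), uses the documented endpoints `GET /api/v4/version` and `GET`/`PUT /api/v4/application/settings` with the `import_sources` attribute, and assumes you supply an administrator-scoped personal access token. The version logic and the settings payload run offline; the HTTP calls only happen when a base URL and token are passed on the command line.

```python
"""Added example: detect an unpatched GitLab (CVE-2022-2884 / CVE-2022-2992)
and apply the advisory's workaround of removing 'github' from import sources.
Assumes an admin-scoped PRIVATE-TOKEN; endpoints are the documented
/api/v4/version and /api/v4/application/settings."""
import json
import sys
import urllib.request

# Fixed releases named in the advisory, keyed by minor branch.
# Any branch older than 15.1 never received the fix.
FIXED = {(15, 1): (15, 1, 6), (15, 2): (15, 2, 4), (15, 3): (15, 3, 2)}


def parse_version(s):
    """'15.2.3-ee' -> (15, 2, 3); edition/pre-release suffixes are ignored."""
    core = s.split("-")[0]
    nums = tuple(int(p) for p in core.split(".")[:3])
    return nums + (0,) * (3 - len(nums))


def is_vulnerable(version):
    """True if the reported version predates the fixed release of its branch."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # Branches newer than 15.3 ship with the fix; older ones never got it.
    return branch < (15, 1)


def hardened_import_sources(current):
    """The workaround: same import_sources list with 'github' removed."""
    return [src for src in current if src != "github"]


def _api(base_url, token, path, method="GET", body=None):
    """Minimal JSON client for the GitLab REST API (stdlib only)."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4{path}", data=data, method=method)
    req.add_header("PRIVATE-TOKEN", token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def assess_and_mitigate(base_url, token, apply=False):
    """Report patch state and GitHub-import state; with apply=True, disable it."""
    version = _api(base_url, token, "/version")["version"]
    current = _api(base_url, token, "/application/settings").get("import_sources", [])
    report = {
        "version": version,
        "vulnerable": is_vulnerable(version),
        "github_import_enabled": "github" in current,
    }
    if apply and report["github_import_enabled"]:
        _api(base_url, token, "/application/settings", "PUT",
             {"import_sources": hardened_import_sources(current)})
        report["github_import_enabled"] = False
    return report


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # usage: python gitlab_check.py https://gitlab.example.com TOKEN [--apply]
        print(assess_and_mitigate(sys.argv[1], sys.argv[2], apply="--apply" in sys.argv))
    else:
        # Offline demonstration on constructed version strings.
        for v in ("15.3.1-ee", "15.3.2", "15.2.3", "15.1.6", "15.0.5", "15.4.0"):
            print(v, "unpatched" if is_vulnerable(v) else "patched")
```

Run it without arguments to see the version classification; with a base URL and token it reports the live instance, and `--apply` removes `github` from `import_sources` while leaving the other sources untouched. Note that `is_vulnerable` only reflects the releases in this advisory; later advisories may add their own fixed versions.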

The new updates also fix 14 other vulnerabilities, two of which are rated high severity, ten medium and two low.

Rated as high severity is CVE-2022-2865, which lets an attacker add their own JavaScript code to pages shown to other users by manipulating label colors.

The flaw is exploited by tampering with a label's color attribute, which leads to a stored XSS that allows attackers to perform arbitrary actions on the client side on behalf of the victims.

Another vulnerability resolved with the new series of fixes is CVE-2022-2527, which made it possible to inject content through the description field of the incident timeline. The first of the medium-severity vulnerabilities concerns a potential denial of service.

Missing length validation on Snippet descriptions in GitLab CE/EE, affecting all versions prior to 15.1.6, all versions from 15.2 prior to 15.2.4 and all versions from 15.3 prior to 15.3.2, allows an authenticated attacker to create a maliciously large snippet that, when requested with or without authentication, places excessive load on the server, potentially leading to a denial of service.

Among the other vulnerabilities resolved:

  • The package registry does not fully respect the group IP allow list: GitLab did not validate correctly on certain package registries when IP address restrictions were configured, allowing an attacker who already possesses a valid deploy token to use it from any location.
  • Abuse of the Gitaly.GetTreeEntries call leads to denial of service, allowing an authenticated and authorized user to exhaust server resources by importing a malicious project.
  • Arbitrary HTTP requests in .ipynb notebooks with malicious form tags, allowing an attacker to issue arbitrary HTTP requests.
  • Regular expression denial of service via crafted input added to the Verified field, allowing an attacker to cause high CPU usage.
  • Information disclosure via arbitrary GFM references rendered in incident timeline events.
  • Repository content read via the LivePreview feature: an unauthorized user could read repository content if a project member used a crafted link.
  • Denial of service via the API when creating a branch: unhandled input during branch creation was used to cause high CPU usage.
  • Denial of service via issue preview.

Finally, if you want to know more about this, you can consult the details at the following link.

