CVE-2023-3915: Privilege Escalation Vulnerability in GitLab EE Through Service Account Creation

A critical vulnerability (CVE-2023-3915) has been discovered in GitLab Enterprise Edition (EE) that affects all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1. This vulnerability allows external users who are given an owner role on any group to escalate their privileges on the instance by creating a service account in that group. The service account created is not classified as external and may be used by the external user to gain unauthorized access to internal projects.

Exploit Details

If an external user is granted an owner role on any group within the affected versions of GitLab EE, they can leverage this vulnerability to escalate their privileges and access internal projects. This is achieved by creating a service account within the group, which is not marked as external, thus allowing the external user to bypass access controls intended to prevent unauthorized access to internal projects.

Here is a simple snippet that demonstrates the vulnerable request:

# External user with owner role creates a service account in the group
POST /api/v4/groups/:id/service_accounts
{
  "name": "Service Account",
  "email": "service_account@example.com"
}

This request results in the creation of a service account under the specified group, granting the external user escalated privileges and access to internal projects.

Original References

For more information about the vulnerability and the affected GitLab EE versions, please refer to the following links:

- GitLab Security Advisory: https://about.gitlab.com/releases/2023/09/15/critical-security-release-gitlab-16-3-1-released/
- CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3915

Mitigation

To protect your GitLab EE instance from this vulnerability, it is highly recommended to update to the patched versions provided by GitLab, which are the first fixed releases of each affected branch listed above:

- GitLab EE 16.1 users should upgrade to 16.1.5 or later
- GitLab EE 16.2 users should upgrade to 16.2.5 or later
- GitLab EE 16.3 users should upgrade to 16.3.1 or later

Additionally, ensure that only trusted users are granted owner roles in your GitLab instance and be cautious when granting these roles to external users.
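As an added example (not from the advisory or from GitLab), the following Python helper checks the two conditions the advisory describes: whether an instance version lies in one of the affected ranges, and whether any external user holds the Owner role on a group. The `external` and `access_level` fields and the value 50 for Owner follow GitLab's REST API; the sample records are constructed and the `-ee` suffix handling is an assumption about the version string format.

```python
"""Audit helper for CVE-2023-3915 (constructed example, not GitLab code).

Flags (a) GitLab EE versions inside the affected ranges and (b) external
users holding the Owner role on a group, the precondition the advisory
describes. Sample data mimics GET /api/v4/users and /groups/:id/members.
"""

OWNER_ACCESS_LEVEL = 50  # GitLab access level for the Owner role

# (first affected, first fixed) per minor branch, as stated in the advisory
AFFECTED_RANGES = [((16, 1, 0), (16, 1, 5)),
                   ((16, 2, 0), (16, 2, 5)),
                   ((16, 3, 0), (16, 3, 1))]


def parse_version(version):
    """Turn '16.2.3-ee' into (16, 2, 3); the suffix is dropped (assumed format)."""
    core = version.split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(version):
    """True when the version falls in one of the vulnerable ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def external_owners(users, group_members):
    """Return (group_id, username) pairs where an external user is an Owner.

    users: records with 'id', 'username', 'external' (admin-only field).
    group_members: {group_id: [records with 'id', 'access_level']}.
    """
    external_ids = {u["id"] for u in users if u.get("external")}
    names = {u["id"]: u["username"] for u in users}
    findings = []
    for group_id, members in group_members.items():
        for m in members:
            if m["id"] in external_ids and m["access_level"] >= OWNER_ACCESS_LEVEL:
                findings.append((group_id, names[m["id"]]))
    return findings


# Constructed sample data shaped like the API responses
SAMPLE_USERS = [{"id": 1, "username": "alice", "external": False},
                {"id": 2, "username": "contractor", "external": True}]
SAMPLE_MEMBERS = {10: [{"id": 1, "access_level": 50}, {"id": 2, "access_level": 50}],
                  11: [{"id": 2, "access_level": 30}]}

if __name__ == "__main__":
    print(is_affected("16.2.3-ee"), external_owners(SAMPLE_USERS, SAMPLE_MEMBERS))
```

Any group returned by `external_owners` on an affected version is one where the escalation described above is possible until the instance is upgraded or the role is revoked.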

Conclusion

CVE-2023-3915 is a critical privilege escalation vulnerability in GitLab EE that affects several versions. To protect your GitLab instance from unauthorized access to internal projects and maintain the security of your projects and data, it is essential to update to the latest patched versions and follow the recommended mitigation steps.

Timeline

Published on: 09/01/2023 11:15:00 UTC
Last modified on: 09/01/2023 21:14:00 UTC