CVE-2023-3979 - GitLab Permissions Vulnerability Allows Unauthorized Write Access to Merge Request's Source Branch
A security issue, tracked as CVE-2023-3979, has been discovered in GitLab that affects all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. This vulnerability can potentially allow upstream members to gain write permissions to the merge request's source branch, without having the necessary authorization.
Description
The vulnerability exists in GitLab's permissions handling, which allows unauthorized users to modify a merge request's source branch. GitLab is an open-source, web-based Git repository manager that provides source code management, continuous integration, and many other project management features. GitLab is widely used by developers to collaborate on software projects.
Upstream members are those who have the ability to contribute changes to a project, but do not have write access to the main repository. Under normal circumstances, these users would only have read access to a project's branches. However, due to this vulnerability, it is possible for them to gain write access to a branch associated with a merge request.
Exploit Details
The root cause of this issue lies in the way GitLab handles permission checks when deciding whether to grant write access to a specific branch. To illustrate this vulnerability, let's consider the following code snippet:
    def can_write?(branch)
      # Protected branches additionally require push rights on the project
      return false if branch.protected? && !current_user.can?(:push_code, project)
      # Otherwise write access follows the project-level push permission alone;
      # whether the user is merely an upstream member is never consulted
      current_user.can?(:push_code, project)
    end
Here, GitLab checks whether the current user satisfies can?(:push_code, project) before granting write access to the branch. However, the check does not take into account whether the user is an upstream member or not. As a result, GitLab does not correctly enforce the necessary permissions for these users.
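The following added illustration (not GitLab's own code) models the check described above in a few lines of Ruby, with the vulnerable form beside a hardened one that authorizes against the project owning the branch. The User, Branch and MergeRequest types, the role names, and the scenario data are all hypothetical.

```ruby
# Added illustration, not GitLab's code: a minimal model of the permission
# check described above, showing the vulnerable form beside a hardened one.
# User, Branch, MergeRequest and the role names are hypothetical.

User = Struct.new(:name, :memberships) do
  # memberships maps a project name to a role; developers and maintainers
  # may push, and in this model only maintainers may push to protected branches
  def can_push?(project)
    %i[developer maintainer].include?(memberships[project])
  end

  def can_push_protected?(project)
    memberships[project] == :maintainer
  end
end

Branch = Struct.new(:name, :project, :protected)
MergeRequest = Struct.new(:source_branch, :target_project)

# Vulnerable form, modelled on the page's snippet: the role is looked up in the
# merge request's target (upstream) project, never in the project that owns
# the source branch, so an upstream member with no role there passes.
def can_write_vulnerable?(user, mr)
  project = mr.target_project
  branch = mr.source_branch
  return false if branch.protected && !user.can_push_protected?(project)
  user.can_push?(project)
end

# Hardened form: authorize against the project that actually owns the branch.
def can_write_hardened?(user, mr)
  branch = mr.source_branch
  return false if branch.protected && !user.can_push_protected?(branch.project)
  user.can_push?(branch.project)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed scenario: bob's branch in his fork targets the upstream project,
  # where alice is a developer but has no role in the fork.
  mr = MergeRequest.new(Branch.new("feature", "fork", false), "upstream")
  alice = User.new("alice", { "upstream" => :developer })
  bob = User.new("bob", { "fork" => :developer })
  puts "vulnerable check, alice: #{can_write_vulnerable?(alice, mr)}" # true
  puts "hardened check,   alice: #{can_write_hardened?(alice, mr)}"   # false
  puts "hardened check,   bob:   #{can_write_hardened?(bob, mr)}"     # true
end
```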
The issue has been fixed in GitLab 16.2.8 for users on versions starting from 10.6, 16.3.5 for users starting from version 16.3, and 16.4.1 for users starting from version 16.4.
It is highly recommended for all affected users to upgrade to the latest version as soon as possible in order to remediate this vulnerability. For more information, please refer to the official GitLab blog post on this issue.
Conclusion
CVE-2023-3979 is a serious vulnerability that exposes GitLab users to unauthorized write access on a merge request's source branch. To ensure the security and integrity of your GitLab projects, it is crucial to update your GitLab instance to a version that is not affected by this vulnerability.
Timeline
Published on: 09/29/2023 07:15:00 UTC
Last modified on: 10/03/2023 16:04:00 UTC