GitLab 4ÔÂÔ¶³Ì´úÂëÖ´ÐЩ¶´

Ðû²¼Ê±¼ä 2021-04-15

0x00 ©¶´¸ÅÊö

CVE  ID


ʱ   ¼ä

2021-04-15

Àà   ÐÍ

RCE

µÈ    ¼¶

ÑÏÖØ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°Ï췶Χ


PoC/EXP

δ¹ûÈ»

ÔÚÒ°ÀûÓÃ


 

0x01 ©¶´ÏêÇé

image.png

 

GitLabÊÇÒ»¸öÓÃÓÚ¶ÑÕ»¹ÜÀíϵͳµÄ¿ªÔ´ÏîÄ¿£¬ÆäʹÓÃGit×÷Ϊ´úÂë¹ÜÀí¹¤¾ß£¬¿Éͨ¹ýWeb½çÃæ·ÃÎʹûÈ»»ò˽ÈËÏîÄ¿¡£

2021Äê04ÔÂ14ÈÕ£¬GitlabÐû²¼Äþ¾²Í¨¸æ£¬¹ûÈ»ÁËGitLabÉçÇø°æ£¨CE£©ºÍÆóÒµ°æ£¨EE£©ÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´ÐЩ¶´£¬ÆäCVSSÆÀ·ÖΪ9.9¡£¸Ã©¶´ÊÇÓÉÓÚGitLabûÓÐÕýÈ·Ñé֤ͨ±¨µ½Îļþ½âÎöÆ÷µÄimageÎļþ¶øµ¼ÖµÄÔ¶³ÌÃüÁîÖ´ÐС£

 

 

Ó°Ï췶Χ

Gitlab CE/EE < 13.8.8

Gitlab CE/EE < 13.9.6

Gitlab CE/EE < 13.10.3

 

0x02 ´¦Öý¨Òé

Ä¿Ç°¹Ù·½ÒÑÐÞ¸´ÁË´Ë©¶´£¬½¨ÒéÉý¼¶ÖÁÒÔÏ°汾£º

Gitlab CE/EE 13.8.8

Gitlab CE/EE 13.9.6

Gitlab CE/EE 13.10.3

ÏÂÔØÁ´½Ó£º

https://about.gitlab.com/update/

 

0x03 ²Î¿¼Á´½Ó

https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/

https://about.gitlab.com/update/

 

0x04 ʱ¼äÏß

2021-04-14  GitLabÐû²¼Äþ¾²Í¨¸æ

2021-04-15  VSRCÐû²¼Äþ¾²Í¨¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png