An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesnt ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gitlab | Gitlab | * | 14.4.5 (excluding) |
Gitlab | Gitlab | 14.5.0 (including) | 14.5.3 (excluding) |
Gitlab | Gitlab | 14.6.0 (including) | 14.6.1 (excluding) |
Gitlab | Ubuntu | esm-apps/xenial | * |
Gitlab | Ubuntu | trusty | * |
Gitlab | Ubuntu | xenial | * |