CVE-2018-20500 - OpenCVE

An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

Link	Resource
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/	Release Notes Vendor Advisory
https://about.gitlab.com/blog/categories/releases/	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-17T15:18:18

Updated: 2019-05-17T15:18:18

Reserved: 2018-12-26T00:00:00

Link: CVE-2018-20500

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-17T16:29:00.640

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-20500

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-31T00:00:00", "descriptions": [{"lang": "en", "value": "An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-17T15:18:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://about.gitlab.com/blog/categories/releases/"}, {"tags": ["x_refsource_MISC"], "url": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20500", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://about.gitlab.com/blog/categories/releases/", "refsource": "MISC", "url": "https://about.gitlab.com/blog/categories/releases/"}, {"name": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/", "refsource": "MISC", "url": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20500", "datePublished": "2019-05-17T15:18:18", "dateReserved": "2018-12-26T00:00:00", "dateUpdated": "2019-05-17T15:18:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "2D22FA16-5F1D-4FBA-8DB3-E2AE4476DDFA", "versionEndExcluding": "11.4.13", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "54B3C2DA-1CEE-4DFD-B2AA-F98BE7D9447E", "versionEndExcluding": "11.4.13", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "555DAC6F-1C9E-4D4E-9100-35DDFD320F51", "versionEndExcluding": "11.5.6", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "584CB55D-C412-4C8A-91A6-B0FB0632D4DF", "versionEndExcluding": "11.5.6", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "BF95CB5A-17FF-413D-BD1E-6D4470E5A7F8", "versionEndExcluding": "11.6.1", "versionStartIncluding": "11.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7B939578-9F4C-4EB0-8FCC-5A9F64109788", "versionEndExcluding": "11.6.1", "versionStartIncluding": "11.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token."}, {"lang": "es", "value": "Fue descubierto un problema con los permisos inseguros en GitLab Community and Enterprise Edition 9.4 y versiones superiores, anteriores a 11.4.13, 11.5.x anteriores a 11.5.6 y 11.6.x anteriores a 11.6.1. El Runner Registration Token en la configuraci\u00f3n de CI/CD no se pudo restablecer. Esto fue un riesgo de seguridad si uno de los mantenedores deja el grupo y ellos conocen el token."}], "id": "CVE-2018-20500", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-17T16:29:00.640", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://about.gitlab.com/blog/categories/releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}