This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
With an update to its software development infrastructure, Gitlab has addressed numerous vulnerabilities — including two high-impact online security flaws.
GitLab is a web-based DevOps life cycle platform providing an open-source license from GitLab Inc. to offer wiki, problem-tracking, and continuous pipeline integration and deployment capabilities. Ukrainian programmers Dmytro Zaporozhets and Valery Sizov have designed the program.
In GitLab’s GraphQL API, a cross-site request forgery (CSRF) has developed a mechanism for an attacker to call modifications while they are impersonating as their victims.
Cross-Site Request Forgery (CSRF) is an attack that causes an end-user in a web application to perform undesirable activities wherein he or she is presently authenticated. Users of a web application may be lured towards carrying out activities of an attacker using some social engineering support (such as delivering a link by email or chat). If the target is a regular user, a successful CSRF attack can force the user to make modifications such as money transfers, email addresses, etc. CSRF can compromise the whole web application when the victim is an administration account.
The Gitlab Webhook feature could be exploited for denial- of service (DoS) attacks because of a second high-level security vulnerability.
An attack by a Denial-of-Service (DoS) is designed to shut down a user computer system or network, which makes it unreachable to its intended users
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: GitLab Fixes Several Vulnerabilities Reported by Bug Bounty