Allele Security Alert
ASA-2019-00211
Identifier(s)
ASA-2019-00211, CVE-2019-10640
Title
Denial of service (DoS) potential for regex in CI/CD refs
Vendor(s)
GitLab
Product(s)
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
Affected version(s)
GitLab CE/EE 8.0 and later, prior to the fixed versions listed below (11.7.x before 11.7.10, 11.8.x before 11.8.6, 11.9.x before 11.9.4)
Fixed version(s)
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.9.4
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.8.6
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.7.10
Proof of concept
Unknown
Description
A regular-expression input validation issue in the refs value of .gitlab-ci.yml was discovered that could allow an attacker to cause a denial of service (DoS) on the platform.
Technical details
Unknown
Credits
Unknown
Reference(s)
GitLab Security Release: 11.9.4, 11.8.6, and 11.7.10
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10640
CVE-2019-10640
https://nvd.nist.gov/vuln/detail/CVE-2019-10640
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: April 23, 2019