Overview
- Identifier: AIT-SA-20190930-01
- Target: GitLab Omnibus
- Vendor: GitLab
- Version: 7.4 through 12.2.1
- Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
- CVE: CVE-2019-15741
- Accessibility: Local
- Severity: Low
- Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Vulnerability Description
GitLab Omnibus sets the ownership of the log directory to the system-user “git”, which might let local users obtain root access because of unsafe interaction with logrotate.
Vulnerable Versions
7.4 through 12.2.1
Impact
An attacker who has already obtained a valid shell as user “git” could escalate their privileges to “root”. Because a separate exploit is needed to obtain that shell first, the severity is rated low rather than high.
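The weakness described above is a general one: logrotate runs as root, and when a stanza rotates files that live in a directory owned by an unprivileged service account and carries no `su USER GROUP` directive, root performs file operations inside a directory that account controls. The following audit script is an added example written for this advisory; it is not code from GitLab or from the advisory author. It parses a logrotate configuration file, lists the stanzas that lack an `su` directive (honouring a global `su` line in the file), and reports any of their log directories that are not owned by root. The sample configuration it embeds is constructed for illustration and is not GitLab Omnibus's real logrotate file; the path /var/log/example-app is an assumption.

```shell
#!/bin/sh
# Audit logrotate stanzas for the "root rotates inside a non-root-owned directory" pattern.
# Added example for this advisory; not GitLab's code. Paths and sample config are constructed.

# stanzas_without_su FILE
# Prints the log path pattern(s) of every stanza in FILE that has no `su` directive
# and is not covered by a global `su` line, i.e. every stanza rotated as root.
# Note: handles the common "paths {" form; multi-line path lists before "{" are not parsed.
stanzas_without_su() {
  awk '
    BEGIN { inblock = 0; global_su = 0 }
    !inblock && /^[ \t]*#/      { next }                    # comment outside a stanza
    !inblock && $1 == "su"      { global_su = 1; next }     # global su applies to all stanzas
    !inblock && /\{/ {                                       # stanza opens: keep the path list
      split($0, t, "{"); paths = t[1]; has_su = 0; inblock = 1; next
    }
    inblock && $1 == "su"       { has_su = 1 }              # per-stanza su directive
    inblock && /\}/ {                                        # stanza closes: report if unprotected
      if (!has_su && !global_su) { gsub(/^[ \t]+|[ \t]+$/, "", paths); print paths }
      inblock = 0
    }
  ' "$1"
}

# dir_owner PATH
# Prints the owner of the directory containing PATH (GNU stat), or "unknown" if it is absent.
dir_owner() {
  stat -c %U "$(dirname "$1")" 2>/dev/null || echo unknown
}

# audit_file FILE
# For every su-less stanza, flag log directories that are not owned by root.
audit_file() {
  stanzas_without_su "$1" | tr ' ' '\n' | while read -r p; do
    [ -n "$p" ] || continue
    o=$(dir_owner "$p")
    case "$o" in
      root)    echo "OK    $p (directory owned by root)" ;;
      unknown) echo "CHECK $p (directory not present on this host)" ;;
      *)       echo "RISK  $p (directory owned by '$o' but rotated as root; add 'su $o $o' or make the directory root-owned)" ;;
    esac
  done
}

# write_sample_config FILE: constructed sample, NOT GitLab's real logrotate configuration.
write_sample_config() {
  cat > "$1" <<'EOF'
# constructed sample config
/var/log/example-app/*.log {
    daily
    rotate 30
    compress
    missingok
}
/var/log/other/*.log {
    weekly
    su svc svc
}
EOF
}

# write_global_su_config FILE: constructed sample where a global su line protects every stanza.
write_global_su_config() {
  cat > "$1" <<'EOF'
su root adm
/var/log/example-app/*.log {
    daily
}
EOF
}

# Demo run on the constructed sample (the directories do not exist here, so they show as CHECK).
cfg=$(mktemp)
write_sample_config "$cfg"
audit_file "$cfg"
rm -f "$cfg"
```

Run it against a real installation with `audit_file /etc/logrotate.d/<name>` (or loop over /etc/logrotate.d/*). A RISK line means root will create, rename and compress files inside a directory another account can modify; the two mitigations the script suggests, an `su` directive matching the directory owner or root ownership of the directory itself, both remove that condition.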
Advisory URL
http://www.ait.ac.at/ait-sa-20190930-01-privilege-escalation-via-logrotate-in-gitlab-omnibus