CVE-2023-5332: Consul RCE vulnerability `enable-script-checks` (#8171) · Issues · GitLab.org / omnibus-gitlab · GitLab

Skip to content

• • Why GitLab
  • Pricing
  • Contact Sales
  • Explore

• Why GitLab

• Pricing

• Contact Sales

• Explore

Consul RCE vulnerability `enable-script-checks`

Summary

GitLab Premium in GitLab customer engaged GitLab Support to disclose the ability to exploit an RCE vulnerability in Consul, using GitLab Omnibus version v15.11.3 with Consul 1.12.5.

In 2019 there was an MR that addressed this by upgrading Consul for Omnibus: !3400 (merged)

This MR addressed the following issue: #4124 (closed)

The customer has indicated that upgrading the Consul version to a patched version is not enough to mitigate the vulnerability. Apparently we still set enable_script_checks to true by default in the Omnibus cookbook, and part of the mitigation is changing enable_script_checks to enable_local_script_checks.

Steps to reproduce

Mitigation steps

Example Project****What is the current bug behavior?****What is the expected correct behavior?****Relevant logs and/or screenshots****Output of checks****Results of GitLab environment infoExpand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application CheckExpand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of: sudo gitlab-rake gitlab:check SANITIZE=true)

(For installations from source run and paste the output of: sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)

(we will only investigate if the tests are passing) Possible fixes

cc @gitlab-com/gl-security/appsec

Edited May 17, 2023 by Michael Trainor