
CVE-2020-13359 : Exploit Details and Defense Strategies

Learn about CVE-2020-13359 affecting GitLab CE/EE versions 12.10 to 13.5.2. This vulnerability exposes object storage signed URLs, allowing unauthorized manipulation of Terraform states.

GitLab CE/EE versions 12.10 through 13.5.2 contain a vulnerability in the Terraform API that exposes an object storage signed URL, which a project maintainer can use to overwrite Terraform state outside the normal controls.

Understanding CVE-2020-13359

This CVE covers a flaw in the Terraform state handling of GitLab CE/EE versions 12.10 to 13.5.2: the Terraform API leaks a signed object storage URL that grants direct write access to the stored state.

What is CVE-2020-13359?

In the affected GitLab CE/EE versions, the delete operation of the Terraform API returns the object storage signed URL for the state file. Because that signed URL grants direct access to the object, a project maintainer can use it to overwrite the Terraform state, bypassing the controls GitLab normally applies to state writes.

The Impact of CVE-2020-13359

        CVSS Base Score: 7.6 (High Severity)
        Attack Vector: Network
        Privileges Required: High
        Scope: Changed
        Confidentiality Impact: Low
        Integrity Impact: High

The vulnerability can lead to unauthorized access to and manipulation of Terraform states, compromising the integrity of the infrastructure they describe.

Technical Details of CVE-2020-13359

This section describes the technical details of the vulnerability in GitLab CE/EE versions 12.10 to 13.5.2.

Vulnerability Description

The Terraform API in affected GitLab versions exposes object storage signed URLs in its delete operation; anyone holding such a URL can overwrite the Terraform state directly in object storage, without going through the API's own authorization checks.

Affected Systems and Versions

        Product: GitLab CE/EE
        Versions: >=12.10 and <13.3.9; >=13.4 and <13.4.5; >=13.5 and <13.5.2
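To turn the three affected ranges above into an inventory check, here is an added example (not code from GitLab or from this page) that decides whether a reported GitLab version is vulnerable and which version in the same release line closes the gap. It assumes version strings in GitLab's usual `MAJOR.MINOR.PATCH` form, optionally with a `-ce`/`-ee` suffix.

```python
"""Check a GitLab CE/EE version string against the CVE-2020-13359 ranges."""
from typing import Optional, Tuple

# Affected ranges as published: (inclusive lower bound, exclusive upper bound).
# The upper bound of each range is the first release of that line that is not affected.
AFFECTED_RANGES = [
    ("12.10", "13.3.9"),
    ("13.4", "13.4.5"),
    ("13.5", "13.5.2"),
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Convert '13.4.2-ee' or '13.4' into a comparable (13, 4, 2) / (13, 4, 0) tuple."""
    core = version.strip().split("-")[0]          # drop '-ee' / '-ce' edition suffix
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {version!r}")
    parts += [0] * (3 - len(parts))               # pad so '13.4' means 13.4.0
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the version lies inside any published affected range."""
    ver = parse_version(version)
    return any(parse_version(low) <= ver < parse_version(high)
               for low, high in AFFECTED_RANGES)


def recommended_fix(version: str) -> Optional[str]:
    """Return the upper bound of the matching range (the first fixed release on that
    line), or None when the version is not affected."""
    ver = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= ver < parse_version(high):
            return high
    return None


if __name__ == "__main__":
    # Constructed sample inventory; replace with values from GET /api/v4/version.
    for v in ["13.3.8-ee", "13.4.5-ee", "13.5.1-ce", "13.6.0-ee"]:
        print(f"{v:12s} affected={is_affected(v)!s:5s} fix={recommended_fix(v)}")
```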

Exploitation Mechanism

A malicious project maintainer can exploit the vulnerability by obtaining the signed URL from the Terraform API delete operation and using it to write arbitrary content to the project's Terraform state, circumventing the access controls that normally govern state changes.

Mitigation and Prevention

The following steps mitigate and prevent exploitation of CVE-2020-13359.

Immediate Steps to Take

        Update GitLab CE/EE to a patched version outside the affected ranges listed above.
        Monitor and review Terraform state changes for unauthorized modifications.
        Restrict access to sensitive Terraform resources and limit the number of users holding the Maintainer role on projects that store Terraform state.

Long-Term Security Practices

        Regularly audit and review access controls within GitLab.
        Educate users on secure Terraform usage and best practices.

Patching and Updates

        Apply security patches provided by GitLab promptly to address the vulnerability.
