Due to a configuration error, the PostgreSQL server that is bundled into omnibus-gitlab trusts all connections originating from the server omnibus-gitlab is running on.
This has been rectified in omnibus-gitlab 6.9.2.omnibus.2 (GitLab Community Edition) and 6.9.4-ee.omnibus.1 (GitLab Enterprise Edition).
We advise all users of omnibus-gitlab to update to the latest release.
Affected versions: all versions of omnibus-gitlab up to and including omnibus-gitlab 6.9.2.omnibus.1 (GitLab Community Edition) and 6.9.4-ee.omnibus (GitLab Enterprise Edition).
Not affected: Source and cookbook installations of GitLab (e.g. not using .deb or .rpm packages). Omnibus-gitlab installations which use an external DBMS are also not affected.
Fixed versions: omnibus-gitlab 6.9.2.omnibus.2 (GitLab Community Edition) and 6.9.4-ee.omnibus.1 (GitLab Enterprise Edition).
Releases
You can download the latest version of omnibus-gitlab for GitLab Community Edition or omnibus-gitlab for GitLab Enterprise Edition and follow the update instructions.
Impact
An attacker who can execute code on the server omnibus-gitlab runs on can get full superuser access to the bundled Postgres database which holds all GitLab metadata.
To see if your omnibus-gitlab installation is affected you can run the following command on your GitLab server.
sudo -u root /opt/gitlab/embedded/bin/psql -U gitlab-psql -d template1 -c '\echo connected to an insecure Postgres instance'
If the command echoes connected to an insecure Postgres instance your omnibus-gitlab installation is affected by this issue.
If you receive an error message psql: FATAL: Peer authentication failed for user "gitlab-psql", your bundled Postgres service is secured.
Please contact us at support@gitlab.com if you have any questions.
