WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.
@@ -2416,7 +2416,7 @@ The product risk level is determined by the highest individual threat risk level
Below is an example of a risk analysis given four identified threats: Cross-origin separation failure, Capability escalation through permissioned surfaces, OS / kernel compromise below browser controls, and Passive or active network attack.
|| Threat ID | Threat | Disposition | Likelihood Factors | L Score | Impact Factors | I Score | Risk (L×I) /81 | Risk Level |
| Threat ID | Threat | Disposition | Likelihood Factors | L Score | Impact Factors | I Score | Risk (L×I) /81 | Risk Level |
|---|---|---|---|---|---|---|---|---|
| T1 | Cross-origin separation failure | Reduced - The identified threat has been reduced due to implementation of state of the art architectural choices that directly mitigate cross-origin separation failure. | **Threat agent:** Skill level (9) — Exploiting cross-origin isolation failures requires advanced vulnerability research skills and security knowledge. This analysis identifies the worst-case threat actor as posessing these skills. / Motive (9) — Access to cross-origin data represents high reward. / Opportunity (7) — The threat actor requires some access and resources. / Size (9) — Any malintentioned internet user can attempt to serve malicious content on the web. **Vulnerability:** Ease of discovery (7) — Vulnerabilities that allow for Spectre-like attacks are well-documented, meaning that the effort required to find them is moderate. / Ease of exploit (5) — Non-trivial but achievable. / Awareness (9) — The vulnerabilities that this threat exploits is well-researched and documented. / Intrusion detection (8) — Browser-level cross-origin exploitation is typically not logged or reviewed in standard browser deployments. | **7.9** | **Technical:** Loss of confidentiality (9) — Successful exploitation would expose all same-process origin data including session tokens, and credentials. / Loss of integrity (3) — Cross-origin reads and, although less likely, data corruption. / Loss of availability (1) — Exploitation does not inherently disrupt service availability. / Loss of accountability (9) — Completely anonymous. **Business:** Financial damage (7) — Loss of sensistive information including credentials and session data can lead to significant financial impact. / Reputation damage (9) — Severe brand and trust incident if exposed to the public. / Non-compliance (7) — Exfiltration of sensitive user data likely constitutes a high-profile GDPR violation. / Privacy violation (9) — Likely to affect millions of users. | **6.8** | **53.6** | High |
| T2 | Capability escalation through permissioned surfaces | Reduced - The identified threat has been reduced due to existing security controls that directly address it. | **Threat agent:** Skill level (6) — The worst-case threat actor identified is estimated to have network and programming skills / Motive (9) — Access to powerful features represents high reward. / Opportunity (7) — Threat actor would need aither a malicious extension or web page accepted by the user, or compromise a developer's account for an already-existing extension. / Size (9) — The threat actor group extends to anonymous Internet user. **Vulnerability:** Ease of discovery (7) — Permission abuse vectors are well-documented and web browser extensions have been widely leveraged as attack vectors due to their privileged state within the web browser execution context. / Ease of exploit (5) — Social engineering users into granting permissions is fairly straightforward. / Awareness (9) — Widely documented and research threat. / Intrusion detection (8) — Permission use is not systematically logged or reviewed at the browser level. | **7.5** | **Technical:** Loss of confidentiality (9) — Escalated permissions can expose highly sensitive data including precise geolocation, file system contents, biometric data, and persistent device identifiers. / Loss of integrity (3) — This threat is primarily used as an exfiltration vector and integrity impact is limited unless file system write access is abused. / Loss of availability (1) — This threat does not inherently impair service availability. / Loss of accountability (7) — Permission grants are tied to origins, not individuals, making confident attribution very unlikely. **Business:** Financial damage (7) — Large-scale exfiltration of user data has severe financial consequences. / Reputation damage (9) — If publicly reported it would cause severe brand and reputational damage. / Non-compliance (7) — Likely high-profile violation of GDPR and other regulatory frameworks. / Privacy violation (9) — Would likely affect millions of users across a widely deployed web browser product. | **6.5** | **48.8** | Medium |
