
Cybersecurity Threat Advisory

GitLab has released multiple security updates that address a total of 14 vulnerabilities. The most severe of them allows an attacker to trigger a pipeline as another user under certain circumstances. Read this Cybersecurity Threat Advisory in detail to learn more about how you can protect yourself against these threats.

What is the threat?

Recent updates released by GitLab have patched multiple vulnerabilities. The most severe of the vulnerabilities is CVE-2024-5655 (CVSS score: 9.6), which could permit malicious actors to run a pipeline as another user under certain circumstances. Other vulnerabilities worth noting include:

  • CVE-2024-4901 (CVSS score: 8.7) – A stored cross-site scripting (XSS) payload could be imported from a project containing malicious commit notes.
  • CVE-2024-4994 (CVSS score: 8.1) – A cross-site request forgery (CSRF) attack on GitLab’s GraphQL API leading to the execution of arbitrary GraphQL mutations.
  • CVE-2024-6323 (CVSS score: 7.5) – An authorization flaw in the global search feature that allows for the leakage of sensitive information from a private repository within a public project.
  • CVE-2024-2177 (CVSS score: 6.8) – A cross-window forgery vulnerability that enables an attacker to abuse the OAuth authentication flow via a crafted payload.

Why is it noteworthy?

GitLab has not yet published technical details of these vulnerabilities, but given their severity we strongly recommend upgrading to the patched versions as soon as possible. Taken together, the flaws could be used to steal credentials, leak information, commit code as another user, access sensitive data, and establish persistence.

What is the exposure or risk?

GitLab CE and EE releases before 17.1.1 (17.1 branch), 17.0.3 (17.0 branch) and 16.11.5 (16.11 branch), together with older branches that no longer receive patches, are exposed to the vulnerabilities, which could result in privilege escalation, XSS attacks, CSRF, and sensitive information leakage. Other risks include:

  • Attackers could run CI/CD jobs and commit new code while masquerading as another user by triggering that user’s pipelines.
  • Importing a project that contains malicious commit notes could execute attacker-controlled script in the browser of anyone viewing the project, allowing theft of a user’s session or credentials and further actions on their behalf.
  • A CSRF attack through the GraphQL API’s IntrospectionQuery could allow attackers to execute arbitrary GraphQL mutations in the context of an authenticated user.
  • Improper authorization in the global search of GitLab EE can allow an attacker to leak the content of a private repository in a public project.
  • A cross-window forgery vulnerability could enable an attacker to abuse the OAuth authentication flow via a crafted payload.
  • A merge request title could be visible to the public even though the project restricts its visibility to project members.

What are the recommendations?

Barracuda MSP recommends the following actions to mitigate your risk against these threats:

  • Upgrade all affected GitLab CE/EE installations to 17.1.1, 17.0.3 or 16.11.5 (or a later release on the same branch) as soon as possible. Branches older than 16.11 did not receive a fix and should be moved to a supported release.
  • After applying GitLab’s security updates, confirm the running version (for example from the Admin area or the /api/v4/version endpoint) rather than assuming the upgrade completed.
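The version check above, as an added example that is not part of this advisory or of GitLab's own tooling. It parses the string returned by GitLab's real `GET /api/v4/version` endpoint (which needs any valid personal access token with `read_api` scope), compares it with the lowest patched release on each affected branch, and treats branches older than 16.11 as vulnerable because no fix exists for them. The sample responses and the `fetch_version` helper's parameters are constructed for this example.

```python
"""Classify a self-managed GitLab version against the fixes shipped in
17.1.1, 17.0.3 and 16.11.5.  Added example, not Barracuda's or GitLab's code.
"""
import json
import re
import urllib.request
from typing import Tuple

# Lowest patched release on each affected branch, per GitLab's advisory.
# Branches older than 16.11 are out of GitLab's maintenance window and
# never received a backport, so they are always reported as vulnerable.
PATCHED_MINIMUMS = {
    (17, 1): (17, 1, 1),
    (17, 0): (17, 0, 3),
    (16, 11): (16, 11, 5),
}
NEWEST_FIXED_BRANCH = (17, 1)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '17.1.0-ee' or '16.11.5' into (major, minor, patch).

    GitLab appends '-ee' for Enterprise Edition and '-pre' for nightly
    builds; only the numeric triple matters for the comparison.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_patched(version: str) -> bool:
    """True if `version` carries the fixes.

    * branch 17.1 / 17.0 / 16.11 -> compare the patch level with the minimum
    * branch newer than 17.1     -> patched (every later release includes it)
    * branch older than 16.11    -> not patched (no backport exists)
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in PATCHED_MINIMUMS:
        return (major, minor, patch) >= PATCHED_MINIMUMS[branch]
    return branch > NEWEST_FIXED_BRANCH


def assess(version_json: str) -> dict:
    """Classify one /api/v4/version response body (JSON text)."""
    version = json.loads(version_json)["version"]
    return {"version": version, "patched": is_patched(version)}


def fetch_version(base_url: str, token: str, timeout: float = 10.0) -> str:
    """Ask a live instance for its version via the real /api/v4/version
    endpoint.  Parameters are this example's own; the header name and
    response key are GitLab's."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["version"]


# Constructed sample responses in the shape /api/v4/version returns.
SAMPLE_RESPONSES = [
    '{"version": "17.1.0-ee", "revision": "abc1234"}',   # one release short
    '{"version": "17.0.3", "revision": "def5678"}',      # exactly the fix
    '{"version": "16.11.4-ee", "revision": "0000000"}',  # vulnerable
    '{"version": "16.10.9", "revision": "1111111"}',     # unsupported branch
    '{"version": "17.2.0-pre", "revision": "2222222"}',  # newer branch
]

if __name__ == "__main__":
    for body in SAMPLE_RESPONSES:
        r = assess(body)
        status = "patched" if r["patched"] else "VULNERABLE - upgrade"
        print(f"{r['version']:<14} {status}")
```

To run it against a real instance, replace the sample loop with `is_patched(fetch_version("https://gitlab.example.com", token))`; the comparison is per branch on purpose, since 17.0.3 is patched even though it is numerically lower than the vulnerable 17.1.0.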

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.



Posted by Devyn Souza
