GitLab recently rolled out urgent security patches to address multiple vulnerabilities, including a severe pipeline execution flaw.
The vulnerability, tracked as CVE-2024-6678, carries a critical severity ranking of 9.9, as it could let threat actors exploit GitLab’s CI/CD pipelines to trigger automated actions under unauthorized accounts.
The danger of this vulnerability stems from its remote execution capabilities and its potential to wreak havoc with next to no user interaction. Threat actors holding only low-level privileges can exploit it to execute stop actions on behalf of authorized users, with no interaction from the victim.
GitLab’s CI/CD pipelines are essential for automating software development workflows, allowing users to streamline code integration, testing and deployment.
The flaw affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions from 8.14 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. All users are strongly advised to update to versions 17.3.2, 17.2.5 or 17.1.7 to mitigate the threat.
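As an added check, not code from the article or from GitLab, the following Python script maps an installed GitLab version string (for example the `version` field returned by the instance's `GET /api/v4/version` endpoint) onto the affected ranges listed above and names the fixed release for that branch. The sample version strings in the script are constructed for illustration.

```python
import re
import sys
from typing import Optional, Tuple

# Affected ranges for CVE-2024-6678 as given in the advisory summarised above:
# each entry is (first affected version, first fixed version); the fixed
# version itself is safe. Versions below 8.14 or at/after the fix are not listed.
AFFECTED_RANGES = [
    ((8, 14, 0), (17, 1, 7)),   # 8.14 prior to 17.1.7 -> upgrade to 17.1.7
    ((17, 2, 0), (17, 2, 5)),   # 17.2 prior to 17.2.5 -> upgrade to 17.2.5
    ((17, 3, 0), (17, 3, 2)),   # 17.3 prior to 17.3.2 -> upgrade to 17.3.2
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '17.3.1', '17.3.1-ee' or '17.3' into a (major, minor, patch) tuple.

    Suffixes such as '-ee' or '-pre' are ignored; a missing patch number is 0.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def recommended_fix(version: str) -> Optional[str]:
    """Return the fixed release for the installed branch, or None if not affected."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Tuple comparison is lexicographic, so (17, 2, 0) is not < (17, 1, 7).
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    return recommended_fix(version) is not None


if __name__ == "__main__":
    # Constructed sample inputs; pass real version strings on the command line.
    for arg in sys.argv[1:] or ["17.3.1-ee", "17.3.2", "16.11.3", "17.4.0"]:
        fix = recommended_fix(arg)
        print(f"{arg}: {'AFFECTED, upgrade to ' + fix if fix else 'not in an affected range'}")
```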
Beyond the critical vulnerability, GitLab addressed other high-severity issues in its recent rollout, including potential denial-of-service (DoS) attacks, session hijacking via compromised tokens, and unauthorized command executions.
For instance, CVE-2024-8124 could let threat actors overload systems and render GitLab instances unresponsive by sending large parameters.
Another equally relevant example is CVE-2024-8641, a medium-severity flaw that could be exploited to steal a victim’s GitLab session token and hijack their session. For this flaw to work, however, the perpetrator must obtain the target’s CI_JOB_TOKEN beforehand.
GitLab’s security advisory lists several other issues of various severity levels, and urges users to prioritize updating to patched versions to avoid attacks leveraging these faults.
“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” the advisory says.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
September 06, 2024