GitLab rolled out a series of patches to address six vulnerabilities in its software development platform, one of which is rated critical. Tracked as CVE-2024-6385, the critical flaw carries a CVSS score of 9.6; successful exploitation may allow an attacker to run pipeline jobs as an arbitrary user.
GitLab is a web-based DevOps lifecycle platform built by GitLab Inc. that covers the whole DevOps lifecycle in a single application.
CVE-2024-5257
This vulnerability affects GitLab CE/EE in all versions from 17.0 before 17.0.4 and from 17.1 before 17.1.2. It may allow a developer with the admin_compliance_framework custom role permission to modify the URL of a group namespace.
CVE-2024-5470
This vulnerability affects GitLab CE/EE in all versions from 17.0 before 17.0.4 and from 17.1 before 17.1.2. It may allow a guest user with the admin_push_rules permission to create project-level deploy tokens.
CVE-2024-6595
This vulnerability affects GitLab CE/EE in all versions from 11.8 before 16.11.6, from 17.0 before 17.0.4, and from 17.1 before 17.1.2. It may allow an attacker to upload an NPM package with conflicting package data.
CVE-2024-2880
This vulnerability affects GitLab CE/EE in all versions from 16.5 before 16.11.6, from 17.0 before 17.0.4, and from 17.1 before 17.1.2. It may allow users with the admin_group_member custom role permission to ban group members.
CVE-2024-5528
This vulnerability affects GitLab CE/EE in all versions starting from 16.11.6, 17.0 before 17.0.4, and 17.1 before 17.1.2. It may allow a subdomain takeover in GitLab Pages by checking if the domain is enabled whenever the custom domain is resolved.
Affected Versions
- GitLab CE/EE: all versions before 16.11.6
- GitLab CE/EE: from 17.0 before 17.0.4
- GitLab CE/EE: from 17.1 before 17.1.2
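As an added example (not from the advisory or from GitLab), a small Python check that maps an instance's reported version string onto the affected ranges listed above and names the release it should move to; the hostnames and version strings in the sample inventory are constructed.

```python
import re

# Affected ranges from the advisory as (lower inclusive, upper exclusive) tuples.
# A lower bound of None means "all versions before the upper bound".
AFFECTED_RANGES = [
    (None, (16, 11, 6)),       # all versions before 16.11.6
    ((17, 0, 0), (17, 0, 4)),  # 17.0 before 17.0.4
    ((17, 1, 0), (17, 1, 2)),  # 17.1 before 17.1.2
]

# GitLab reports versions like "17.1.1-ee" or "17.0.3-ce"; an optional "v" prefix is tolerated.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(?:ce|ee))?$")


def parse_version(text):
    """Turn a version string such as '17.1.1-ee' into a comparable (17, 1, 1) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3))


def fixed_version_for(text):
    """Return the patched release an affected instance should upgrade to, or None if not affected."""
    v = parse_version(text)
    for lower, upper in AFFECTED_RANGES:
        if (lower is None or v >= lower) and v < upper:
            return ".".join(str(n) for n in upper)
    return None


def is_affected(text):
    """True if the version falls inside any affected range of the advisory."""
    return fixed_version_for(text) is not None


def audit(inventory):
    """Given {hostname: version}, return [(hostname, version, fixed_version)] for affected hosts."""
    findings = []
    for host, version in sorted(inventory.items()):
        fix = fixed_version_for(version)
        if fix is not None:
            findings.append((host, version, fix))
    return findings


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "gitlab-prod.example.internal": "17.1.1-ee",
    "gitlab-staging.example.internal": "17.0.4-ee",
    "gitlab-legacy.example.internal": "16.9.2-ce",
}

if __name__ == "__main__":
    for host, version, fix in audit(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected, upgrade to {fix}")
```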
Mitigation
GitLab has released versions 17.1.2, 17.0.4, and 16.11.6 to patch these vulnerabilities.
For more information, please visit the GitLab release announcement page.
Qualys Detection
Qualys customers can scan their devices with QID 380176 to detect vulnerable assets.
Please follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/