GitLab has released updates to address multiple recently discovered vulnerabilities, one of which is rated critical.
This flaw, designated CVE-2024-6678 and assigned a severity score of 9.9/10, could allow threat actors to arbitrarily execute "jobs," the primary building blocks of GitLab's continuous integration/continuous delivery (CI/CD) pipelines. The flaw affects several versions of both the Community and Enterprise editions of GitLab.
GitLab also took the opportunity to address three high-severity, 11 medium-severity, and two low-severity vulnerabilities as part of the update.
So far, GitLab isn’t aware of any active exploitation of any of the 17 vulnerabilities addressed but is recommending that users update as soon as possible regardless.
Source: The Hacker News
Analysis
GitLab pipelines consist of jobs, which define what will be done (such as compiling or testing code), and stages, which define when the jobs run. By executing pipeline jobs, threat actors may be able to access private or member-only code repositories as well as other internal assets, such as the secrets of private projects.
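The following .gitlab-ci.yml is an added illustration of the pipeline structure described above; it is not taken from the article or from GitLab's own documentation. The stage and job names are constructed for the example, and the secret handling shown (keeping credentials out of the file and limiting the deploy job to the protected main branch) reflects the defensive point that a job running in a pipeline inherits whatever CI/CD variables the project exposes to it.

```yaml
# Stages define WHEN jobs run; jobs in the same stage run in parallel,
# and a later stage starts only after the previous one succeeds.
stages:
  - build
  - test
  - deploy

# Jobs define WHAT is done. A job is the unit an attacker would gain by
# being able to run arbitrary pipeline jobs: it executes shell commands
# on a runner with access to the repository checkout and CI variables.
build-job:
  stage: build
  script:
    - echo "Compiling the project"
    - make build

unit-test-job:
  stage: test
  script:
    - echo "Running unit tests"
    - make test

# Secrets such as DEPLOY_TOKEN (a constructed name) are NOT written here.
# They are defined in the project's CI/CD settings as masked and protected
# variables, so they are only injected into jobs on protected branches/tags
# and are hidden in job logs. A job that someone manages to run on an
# unprotected branch therefore does not receive them.
deploy-job:
  stage: deploy
  script:
    - echo "Deploying with a token supplied by a protected CI/CD variable"
    - ./deploy.sh "$DEPLOY_TOKEN"
  rules:
    # Only run the deploy job for commits on the protected main branch.
    - if: $CI_COMMIT_BRANCH == "main"
```

The practical takeaway for defenders is that the blast radius of an arbitrarily executed job is bounded by what the runner can reach and which variables the project hands to it: marking secrets as protected and masked, and confining privileged jobs to protected branches, limits what a rogue job can exfiltrate even before the patch is applied.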
CI/CD solutions are popular targets for threat actors looking to obtain or manipulate source code to identify vulnerabilities and conduct supply chain attacks.
For example, in March 2024, a critical-severity authentication bypass vulnerability in the on-premises version of JetBrains' TeamCity CI/CD solution was leveraged by various threat actors to create administrator accounts on unpatched TeamCity instances exposed to the internet. This gave them full control over all the projects, builds, agents, and artifacts hosted on the server.
While GitLab isn't yet aware of any active exploitation of CVE-2024-6678, its high severity rating indicates that it is likely easy to exploit, which poses a significant threat to software development teams using GitLab for CI/CD.
Thus, it is likely only a matter of time before threat actors begin targeting unpatched GitLab deployments, making it vital that administrators patch as soon as possible.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in platforms like GitLab. Field Effect MDR users are automatically notified if a vulnerable GitLab version is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends that users of affected GitLab versions update to the latest version as soon as possible, in accordance with the advisory.