GitLab Vulnerability Exploits Lead To CI/CD Pipeline Execution
A security update has recently been released for a GitLab vulnerability that, if exploited, could lead to CI/CD pipeline execution. Apart from this GitLab vulnerability, the update addressed eight other security flaws. In this article, we’ll dive into the details of the flaw, its severity, and the aftermath of a possible exploit. Let’s begin!
The GitLab Vulnerability Uncovered
The most recent GitLab vulnerability is tracked as CVE-2024-9164 and carries a critical CVSS score of 9.6 out of 10. Providing details on the affected versions, GitLab stated in an advisory that:
“An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches.”
Given the severity of the flaw, anyone responsible for securing a GitLab instance should understand what CI/CD pipelines are. These pipelines are automated processes that build, test, and deploy code.
Normally, these pipeline tasks can only be triggered by users with the necessary permissions. A threat actor who bypasses those permission checks and takes control of pipeline jobs can execute code and gain access to sensitive information.
Additional GitLab Security Flaws
As per recent reports on the GitLab vulnerability, a total of eight flaws were identified. Of the seven that remain, four are rated high severity, two medium, and one low. A breakdown of the high-severity vulnerabilities is provided below:
| Vulnerability | CVSS Score | Impact |
| --- | --- | --- |
| CVE-2024-8970 | 8.2 | Allows attackers to trigger a pipeline as another user under specific circumstances. |
| CVE-2024-8977 | 8.2 | Allows SSRF attacks in GitLab EE instances where the Product Analytics Dashboard is configured and enabled. |
| CVE-2024-9631 | 7.5 | Leads to slowness when viewing merge requests with conflicts. |
| CVE-2024-6530 | 7.3 | Leads to HTML injection in the OAuth page when authorizing a new application. |
Staying Secure From Potential Exploits
As far as security practices are concerned, users should update to the latest patched version, which mitigates the GitLab vulnerability. It is worth mentioning that this disclosure is the latest in a series of pipeline-related flaws GitLab has addressed in recent times.
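Since the fix is to be on a patched release, the first thing to establish is whether a given instance is in one of the affected ranges quoted from the advisory above. The following Python helper is an added example, not code from the article, GitLab, or the advisory; the function names and the sample `/api/v4/version` response are assumptions.

```python
# Added example (not from the article or from GitLab): decide whether a GitLab EE
# version string falls inside the affected ranges quoted from the advisory for
# CVE-2024-9164. Each range is half-open: affected from `start` up to, but not
# including, the fixed release `fixed`.
import json
from typing import Optional, Tuple

# Ranges as stated in the advisory: "starting from 12.5 prior to 17.2.9,
# starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2".
AFFECTED_RANGES = (
    ("12.5", "17.2.9"),
    ("17.3", "17.3.5"),
    ("17.4", "17.4.2"),
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '17.3.4-ee', 'v17.3' or '17.3' into a comparable tuple padded to 3 parts."""
    core = text.strip().lstrip("v").split("-")[0]  # drop edition suffixes such as '-ee'
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the minimum patched release on the same line, or None if not affected."""
    v = parse_version(version)
    for start, fixed in AFFECTED_RANGES:
        if parse_version(start) <= v < parse_version(fixed):
            return fixed
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def check_api_response(body: str) -> Tuple[bool, Optional[str]]:
    """Evaluate the JSON body of GET /api/v4/version (needs an authenticated token).

    Returns (affected, minimum_fixed_release)."""
    version = json.loads(body)["version"]
    fixed = fixed_version_for(version)
    return fixed is not None, fixed


# Constructed sample response (assumption): an instance still on 17.3.4-ee.
SAMPLE_VERSION_RESPONSE = '{"version": "17.3.4-ee", "revision": "deadbeef"}'

if __name__ == "__main__":
    print(check_api_response(SAMPLE_VERSION_RESPONSE))  # (True, '17.3.5')
```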
Last month, the company addressed another GitLab vulnerability, tracked as CVE-2024-6678 with a CVSS score of 9.9. If exploited, it would have allowed threat actors to run pipeline jobs as an arbitrary user. Before that, three other critical flaws were addressed:
- CVE-2023-5009 (CVSS score: 9.6)
- CVE-2024-5655 (CVSS score: 9.6)
- CVE-2024-6385 (CVSS score: 9.6)
Conclusion
To safeguard against the critical GitLab vulnerability and the others described above, it is essential to stay on the latest patched versions. Exploits of CI/CD pipelines can have severe consequences, allowing unauthorized access and control. Regular updates and vigilant security measures are the key to mitigating potential security threats in GitLab.
The sources for this piece include articles in The Hacker News and Bleeping Computer.
