In a recent security update, GitLab has released a patch addressing a critical vulnerability that could permit unauthorized users to overwrite files. This poses a risk of data corruption or the execution of arbitrary code. The vulnerability affects GitLab CE/EE across multiple versions.
GITLAB CRITICAL VULNERABILITY
A critical vulnerability, designated as CVE-2024-0402 and rated as high as 9.9 out of 10, has been discovered. This flaw enables attackers to execute arbitrary code on GitLab instances, posing risks of data theft, unauthorized access to sensitive information, and disruption of critical development operations. The vulnerability originates from a flaw in GitLab’s handling of incoming HTTP requests, allowing attackers to craft malicious requests and exploit the system.
To exploit CVE-2024-0402, an attacker initiates by crafting a malicious request incorporating directory traversal sequences (
../../). These sequences are embedded within the parameters responsible for defining workspace paths. As the GitLab server processes this request, inadequate input validation permits these sequences to navigate beyond the intended workspace directory.
The exploitation chain unfolds as follows:
- The attacker devises a specifically crafted request, incorporating directory traversal characters and specifying the file they aim to overwrite.
- The crafted request is transmitted to the GitLab server during the workspace creation process.
- The server, inadequately validating the input, processes the request, resulting in the overwrite of the targeted file.
- Depending on the overwritten file, the attacker can achieve various malicious objectives, including code execution, privilege escalation, data tampering, or other malicious activities.
GITLAB RELEASES FIXES TO CVE-2024-0402
GitLab has issued patches for the critical vulnerability. It is strongly advised by experts that all installations running a version affected by the described issues should be promptly upgraded to the latest version. Notably, GitLab.com and GitLab Dedicated environments have already implemented the patched version. The security fix for this vulnerability has been backported to the following versions: 16.5.8, 16.6.6, 16.7.4, and 16.8.1.
GitLab has addressed four medium-severity vulnerabilities. These vulnerabilities have the potential to result in regular expression denial-of-service (ReDoS), HTML injection, and the exposure of a user’s public email address through the tags RSS feed.
In addition to applying the patch, organizations are recommended to take further measures to enhance their security posture:
- Conduct a comprehensive review of system logs for any indications of exploitation or unusual activity.
- Regularly update all software components to their latest versions to mitigate vulnerabilities.
- Implement network segmentation and firewall rules to restrict access to critical systems.
- Integrate EDR/XDR with other security systems to improve coverage and incident response capabilities.