In a new security update, GitLab has issued a patch for a critical vulnerability. This flaw could allow unauthorized users to overwrite files, potentially leading to data corruption or executing arbitrary code. This vulnerability impacts GitLab CE/EE across several versions.
New GitLab Critical Vulnerability Discovered
A critical vulnerability identified as CVE-2024-0402, rated as high as 9.9 of 10. It allows attackers to execute arbitrary code on GitLab instances, potentially leading to data theft, unauthorized access to sensitive information, and disruption of critical development operations. This vulnerability stems from a flaw in GitLab’s handling of incoming HTTP requests, making it possible for attackers to craft malicious requests and exploit the system.
To exploit CVE-2024-0402, an attacker begins by preparing a malicious request that includes directory traversal sequences ( ‘. . /’). This is embedded within the parameters responsible for defining workspace paths. When the GitLab server processes this request, the improper input validation allows these sequences to navigate beyond the intended workspace directory.
The exploitation chain looks like this:
- Preparation
The attacker crafts a specially designed request, embedding directory traversal characters along with the name of the file they intend to overwrite. - Execution
This request sends to the GitLab server during the workspace creation process. - Overwrite
The server, failing to sanitize the input properly, processes the request, leading to the overwrite of the targeted file. - Post-Exploitation
Depending on the overwritten file, the attacker can achieve various malicious objectives, including code execution, privilege escalation, data tampering, or else.
GitLab Releases Fixes to CVE-2024-0402
GitLab has released patches for the critical vulnerability. Experts strongly recommend that all installations running a version affected by the issues described are upgraded to the latest version as soon as possible. GitLab.com and GitLab Dedicated environments are already running the patched version. The fix for this security vulnerability has been backported to the following versions: 16.5.8, 16.6.6, 16.7.4 and 16.8.1.
GitLab has resolved four medium-severity vulnerabilities. Additionally these vulnerabilities could lead to regular expression denial-of-service (ReDoS), HTML injection, and the disclosure of a user’s public email address via the tags RSS feed.
Mitigation Strategies
Beyond applying the patch, organizations are advised to take further steps to enhance their security posture:
- Conduct a thorough review of system logs for any signs of exploitation or unusual activity.
- Regularly update all software components to their latest versions to mitigate vulnerabilities.
- Employ network segmentation and firewall rules to limit access to critical systems.
- Integrate EDR/XDR with other security systems for better coverage and incident response.
