GitLab releases patch for critical flaw enabling arbitrary branch pipeline execution
Take action: f you are running GitLab CE/EE, plan a quick patch. All flaws require certain preconditions to be exploited or are not immediately critical. But an attacker will find a way to chain them for an exploit, so don't delay.
Learn More
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE), including a fix for a one critical flaw enabling unauthorized execution of CI/CD pipelines.
Vulnerability details flagged as critical and high severity:
- CVE-2024-9164 (CVSS score 9.6) - allows unauthorized users to execute Continuous Integration/Continuous Delivery (CI/CD) pipelines on any branch of a repository, bypassing branch protections.
- CVE-2024-8977 (CVSS score 8.2) - An SSRF vulnerability in the Analytics Dashboard that could be exploited for server-side request forgery.
- CVE-2024-6530 (CVSS score 7.3): An HTML injection flaw in the OAuth page that could enable cross-site scripting (XSS) during OAuth authorization.
The following two flaws are flagged as high severity by GitLab even though the CVSS score is medium
- CVE-2024-8970 (CVSS score 4.3) - allows arbitrary user impersonation to trigger pipelines as another user.
- CVE-2024-9631 (CVSS score 4.3) - SSRF that allows user impersonation in the Analytics Dashboard,
These flaws affects GitLab CE/EE versions from 12.5 up to 17.2.8, 17.3 through 17.3.4, and 17.4 up to 17.4.1
GitLab has issued patches in the following updated versions:
- 17.4.2
- 17.3.5
- 17.2.9
The company strongly advises users of affected versions to upgrade to these patched versions to mitigate the risks. For GitLab Dedicated users, no action is needed as their instances are automatically updated to the latest secure version.
