A recent vulnerability, CVE-2024-2651, has been discovered in GitLab Community Edition (CE) and GitLab Enterprise Edition (EE). It affects all versions before 16.9.7, all versions from 16.10 before 16.10.5, and all versions from 16.11 before 16.11.2. By exploiting it, an attacker can cause a denial of service with crafted markdown content. In this post we discuss the vulnerability and the exploit in detail and link to the original references.

Vulnerability Details

GitLab, a popular web-based Git repository management system, renders READMEs, comments, and other descriptions from markdown into a user-friendly format. A flaw in GitLab's markdown rendering, however, lets an attacker cause a denial of service (DoS).

An attacker can submit a large block of maliciously crafted markdown that makes GitLab's server consume excessive resources while rendering it, leading to slow responses or service unavailability for other users. For teams relying on GitLab as their primary code repository management system, this translates directly into lost productivity.

Exploit Details

To exploit the vulnerability, an attacker crafts markdown content in the pattern known as a "billion laughs attack". A billion laughs attack is a type of DoS attack, classically built with XML entities but applicable to other nested data structures, in which a small input contains references that expand recursively, so that parsing it repeatedly allocates memory and grows the payload until the system's resources are exhausted.
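The defining property of a billion laughs payload is that its expanded size is geometric in its nesting depth while its source size is tiny, so a renderer that expands references without a budget does unbounded work on a few hundred bytes of input. The following Python is an added example, not code from GitLab or from this post: it models reference expansion for a toy `&name;` entity syntax (a constructed stand-in for XML entities or any nested markup), computes the expanded size up front, and expands under a shared output budget that aborts the moment it is exceeded. The entity table, the `lolN` names, and the budget values are constructed for illustration.

```python
import re
from functools import lru_cache

# Reference syntax of the toy entity language: &name; as in XML.
ENTITY_RE = re.compile(r"&(\w+);")


class ExpansionBudgetExceeded(Exception):
    """Raised as soon as expansion would exceed the configured budget."""


def build_nested_entities(levels, fanout, leaf="lol"):
    """Constructed test fixture: lol0 is a leaf, lolN is `fanout` copies of lol(N-1).
    Fully expanding lolN therefore yields fanout**N copies of the leaf."""
    entities = {"lol0": leaf}
    for n in range(1, levels + 1):
        entities[f"lol{n}"] = f"&lol{n - 1};" * fanout
    return entities


def expanded_size(entities, name):
    """Cheap pre-check: the fully expanded length of an entity, computed from the
    definitions without materialising the output. Each entity is sized once;
    cyclic definitions are rejected instead of looping."""
    visiting = set()

    @lru_cache(maxsize=None)
    def size_of(n):
        if n in visiting:
            raise ExpansionBudgetExceeded(f"cyclic reference through {n}")
        visiting.add(n)
        body = entities[n]
        total = 0
        pos = 0
        for m in ENTITY_RE.finditer(body):
            total += m.start() - pos                      # literal text before the ref
            ref = m.group(1)
            total += size_of(ref) if ref in entities else len(m.group(0))
            pos = m.end()
        visiting.discard(n)
        return total + len(body) - pos                    # trailing literal text

    return size_of(name)


def expand_bounded(text, entities, max_output, max_depth=32):
    """Expand &name; references in `text`, charging every emitted character to one
    shared budget and aborting when it is exceeded, so a payload that would expand
    to gigabytes costs at most `max_output` characters of work."""
    out = []
    produced = 0

    def emit(chunk):
        nonlocal produced
        produced += len(chunk)
        if produced > max_output:
            raise ExpansionBudgetExceeded(f"expansion exceeds {max_output} characters")
        out.append(chunk)

    def walk(s, depth):
        if depth > max_depth:
            raise ExpansionBudgetExceeded(f"nesting deeper than {max_depth}")
        pos = 0
        for m in ENTITY_RE.finditer(s):
            emit(s[pos:m.start()])
            ref = m.group(1)
            if ref in entities:
                walk(entities[ref], depth + 1)
            else:
                emit(m.group(0))          # unknown reference is kept verbatim
            pos = m.end()
        emit(s[pos:])

    walk(text, 0)
    return "".join(out)


def safe_to_render(text, entities, max_output):
    """True if the content expands within budget, False if it is rejected."""
    try:
        expand_bounded(text, entities, max_output)
        return True
    except ExpansionBudgetExceeded:
        return False


if __name__ == "__main__":
    ents = build_nested_entities(levels=3, fanout=4)        # 4**3 = 64 leaves
    print(expanded_size(ents, "lol3"))                      # 192
    print(safe_to_render("&lol3;", ents, max_output=1000))  # True
    print(safe_to_render("&lol3;", ents, max_output=100))   # False
```

The point of the shared budget is that rejection cost is bounded by the budget, not by the payload: with three levels and fanout four the expansion is only 192 characters, but raising `levels` makes the expanded size grow as `fanout**levels` while the source stays a few dozen bytes, and `expand_bounded` still stops after at most `max_output` characters of output.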

Here's an example of a malicious markdown payload that can be used to exploit the CVE-2024-2651 vulnerability:

* [![DoS](data:image/svg+xml;base64,PHN2ZyB3aWRaDiMSIgaGVpZ2hPSIxIiB4bWxucziaHRcDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwhLSKU29tZSBtYWxpY2lvdXMgcGF5bG9hZCBoZXJlCjwhLS1bW3AtLT4KPC9zdmc+)](data:image/svg+xml;base64,PHN2ZyB3aWRaDiMSIgaGVpZ2hPSIxIiB4bWxucziaHRcDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwhLSKU29tZSBtb3JlIG1hbGljaW91cyBwYXlsb2FkIGhlcmUKPCEtLXdccGgtLT4KPC9zdmc+)*

Once this content is placed in a markdown file, issue, merge request, or comment on GitLab, rendering it demands far more processing resources than the system can spare, producing the DoS condition that degrades GitLab's performance.

References

1. Official CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2651
2. GitLab Patch Details: https://about.gitlab.com/releases/2022/07/01/security-release-gitlab-16-11-2-released/
3. NIST Vulnerability Details: https://nvd.nist.gov/vuln/detail/CVE-2024-2651

Conclusion

This GitLab markdown vulnerability (CVE-2024-2651) is a serious issue for organizations relying on GitLab as their primary code repository management system, because it affects system availability. Upgrade to a patched release (16.9.7, 16.10.5, or 16.11.2 or later) to mitigate the risk. Additionally, consider code review processes and automated security tools to identify malicious payloads before they are introduced into your GitLab repositories.
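The conclusion recommends automated tooling that catches risky payloads before they reach the renderer. As an added example, not code from GitLab or from this post, the following Python screens a markdown body against three cheap limits before it is accepted: total size, nesting depth of link and image constructs (the `[![...](...)](...)` shape shown above), and the length of inline `data:` URIs used as link or image destinations. The thresholds and the `screen_markdown` name are assumptions chosen for illustration, not GitLab's own checks or its fix for this CVE.

```python
import re

# A data: URI used as a Markdown link/image destination, e.g. (data:image/svg+xml;base64,...)
DATA_URI_DEST = re.compile(r"\(data:[^)\s]*\)")


def bracket_nesting_depth(text):
    """Deepest nesting of [...] constructs, i.e. links or images wrapped inside
    other links or images. Backslash-escaped brackets and anything inside
    inline code spans (`...`) are ignored, matching how Markdown treats them."""
    depth = max_depth = 0
    in_code = False
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            i += 2                      # escaped character: skip it and its escape
            continue
        if ch == "`":
            in_code = not in_code
        elif not in_code:
            if ch == "[":
                depth += 1
                max_depth = max(max_depth, depth)
            elif ch == "]" and depth > 0:
                depth -= 1
        i += 1
    return max_depth


def screen_markdown(text, max_bytes=65536, max_nesting=3, max_data_uri_bytes=8192):
    """Return a list of human-readable findings; an empty list means the content
    is within the configured limits and can be handed to the renderer."""
    findings = []
    size = len(text.encode("utf-8"))
    if size > max_bytes:
        findings.append(f"body is {size} bytes, limit {max_bytes}")
    depth = bracket_nesting_depth(text)
    if depth > max_nesting:
        findings.append(f"link/image nesting depth {depth}, limit {max_nesting}")
    for m in DATA_URI_DEST.finditer(text):
        length = len(m.group(0))
        if length > max_data_uri_bytes:
            findings.append(f"inline data: URI of {length} bytes, limit {max_data_uri_bytes}")
    return findings


if __name__ == "__main__":
    # Constructed sample bodies: one benign, one with an image nested in a link.
    print(screen_markdown("See [docs](https://example.com) and ![logo](logo.png)."))   # []
    print(screen_markdown("[![DoS](a.png)](b)", max_nesting=1))                          # one finding
```

Such a gate belongs in front of the renderer (for example in the request handler that accepts issue or comment bodies) and should fail closed: content that trips a limit is held for review rather than rendered, and the finding is logged so that repeated submissions from one account are visible to the operations team.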

Timeline

Published on: 05/14/2024 15:20:14 UTC
Last modified on: 05/14/2024 16:13:02 UTC