In this long-read post, we will delve into the details of a permission check vulnerability found in GitLab CE/EE, designated as CVE-2024-3035. This vulnerability affects all GitLab versions starting from 8.12, prior to 17..6, 17.1 before 17.1.4, and 17.2 prior to 17.2.2. We'll take a closer look at the exploit details, a code snippet showcasing the issue, and discuss how to protect your GitLab installations from potential attacks.

Exploit Details

The permission check vulnerability in GitLab CE/EE, identified as CVE-2024-3035, involves a lack of proper controls relating to the Git Large File Storage (LFS) tokens. This oversight allows users to read and write to repositories they do not possess access to, effectively bypassing intended security restrictions.

This vulnerability was documented in the following original references

- GitLab Advisory
- CVE Record

Code Snippet

The vulnerability originates from an issue in the code related to checking permissions for the LFS tokens. The following snippet demonstrates the lack of proper permission checks in the affected GitLab versions:

def lfs_token_check(repository, token)
  if repository.lfs_token === token
    true
  else
    false
  end
end

As we can see in the code snippet above, the function lfs_token_check only validates whether the tokens match, without evaluating any user permissions. Consequently, an attacker can potentially exploit this oversight to gain unauthorized access to another user's repository.

Mitigation and Remediation

To ensure that your GitLab CE/EE instance is protected against the CVE-2024-3035 vulnerability, the best step to take is to upgrade to the latest patched versions. The following versions include the necessary security fixes:

GitLab 17.2.2

Aside from upgrading to the newer versions, administrators should also take the following measures to ensure the security of their installations:

Monitor activity logs to detect any unauthorized access or tampering attempts.

3. Implement strong access controls, including two-factor authentication (2FA) and single sign-on (SSO) features.

Conclusion

The CVE-2024-3035 vulnerability is a permission check issue in GitLab CE/EE, affecting specific versions of the platform and highlighting the importance of vigilant reviewing and management of user access controls. By updating to the latest security patches, organizations can significantly reduce the risk of unauthorized access and ensure that users can securely collaborate on repository content.

Timeline

Published on: 08/08/2024 11:15:12 UTC
Last modified on: 08/29/2024 15:55:30 UTC