A vulnerability has been discovered in GitLab, affecting versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. The vulnerability, identified as CVE-2024-5258, allows authenticated attackers to bypass pipeline authorization logic by using a specially crafted naming convention. This could grant unauthorized access to GitLab pipelines.

Vulnerability Details

The vulnerability exists due to improper handling of pipeline authorization logic within a GitLab instance. An authenticated attacker can exploit this issue by crafting a pipeline name that bypasses the existing authorization check. This can allow the attacker to manage, create, or edit pipelines they should not have access to, leading to a range of unauthorized actions.

The malicious payload would typically look similar to this code snippet:

{
  "gitlab": {
    "feature_flags": {
      "name": "malicious-pipeline-name",
      "enabled": true
    }
  }
}

Affected components: GitLab Pipeline Authorization Logic

Impact: Unauthorized access to pipelines, tampering with pipeline configurations, and management of pipelines the attacker should not have access to.

Original sources and references for this vulnerability include the following:

1. GitLab Advisory for CVE-2024-5258
2. CVE-2024-5258 Official Record
3. NVD Record for CVE-2024-5258

Exploit and Mitigation

To exploit this vulnerability, an attacker would need to be authenticated to the GitLab instance and know how to craft a malicious pipeline name and, possibly, the pipeline structure. The vulnerability affects the specific GitLab versions listed above and can be exploited by sending a request containing the malicious payload to the affected instance.

Regularly audit the access control and pipeline management settings within your GitLab instance.

In conclusion, it is essential for GitLab administrators to be aware of this vulnerability and take the necessary steps to upgrade or patch their GitLab instances as soon as possible. By doing so, you can safeguard your pipelines and ensure secure access control within your environment.
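As an added example (not part of the advisory or GitLab's own code), the following Python checks a reported GitLab version string against the affected ranges given above, so an administrator can triage an inventory before upgrading. It assumes the version string is the "version" field returned by GitLab's authenticated GET /api/v4/version endpoint; the sample values in the block are constructed.

```python
"""Triage GitLab version strings against the CVE-2024-5258 affected ranges:
16.10 before 16.10.6, 16.11 before 16.11.3 and 17.0 before 17.0.1.
The input is the "version" field of GET /api/v4/version (assumed source)."""
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected version, first fixed version) for each release branch.
AFFECTED_RANGES = [
    ((16, 10, 0), (16, 10, 6)),
    ((16, 11, 0), (16, 11, 3)),
    ((17, 0, 0), (17, 0, 1)),
]

# GitLab reports versions such as "16.10.5" or "16.10.5-ee"; keep the numeric triple.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(raw: str) -> Optional[Version]:
    """Return the MAJOR.MINOR.PATCH triple, or None if the string is not a version."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(raw: str) -> Optional[bool]:
    """True if inside an affected range, False if not, None if unparseable."""
    v = parse_version(raw)
    if v is None:
        return None
    # Tuple comparison is lexicographic, so 16.10.5 < 16.10.6 < 16.11.0 < 17.0.0.
    return any(first <= v < fixed for first, fixed in AFFECTED_RANGES)


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Label each reported version 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {raw: labels[is_affected(raw)] for raw in versions}


if __name__ == "__main__":
    # Constructed sample of versions as an instance inventory might report them.
    sample = ["16.10.5-ee", "16.10.6", "16.11.2", "17.0.0", "17.0.1", "16.9.8", "latest"]
    for raw, verdict in triage(sample).items():
        print(f"{raw:12s} {verdict}")
```

Versions from release branches the advisory does not list (16.9 and earlier, 17.1 and later) are reported as not affected by this CVE only; they still need their own patch review.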

Timeline

Published on: 05/23/2024 11:15:24 UTC
Last modified on: 05/24/2024 01:15:30 UTC