CVE-2024-5435: GitLab EE/CE Password Disclosure Vulnerability in Repository Mirror Configuration

A critical vulnerability has been discovered in GitLab Enterprise Edition (EE) and Community Edition (CE) that can lead to the disclosure of user passwords. The issue (designated as CVE-2024-5435) affects all versions of the software starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, and all versions starting from 17.3 before 17.3.2.

Description

The password disclosure vulnerability arises from improper handling of repository mirror configurations in GitLab EE/CE. When an attacker gains access to a GitLab instance, they may be able to gain access to users' passwords stored in these configurations. This can lead to unauthorized access to users' Git repositories, compromising their work and potentially leading to further attacks.

Exploit Details

The issue is due to improper handling of the repository mirror configuration, which can lead to the disclosure of a user's password when an attacker has access to the system.

A sample code snippet illustrating the vulnerability

// Insecure GitLab repository mirror configuration
{
    "url": "https://username:password@git.example.com/repo.git";,
    "name": "Example Repository",
    "mirror": true,
    "repository_id": 12345
}

In this example, the user's password is passed as a part of the URL. An attacker with access to the GitLab system would be able to view the configuration and gain the user's password.

GitLab has released patches for the affected versions

- 17.1.7 GitLab Patch 17.1.7 Download
- 17.2.5 GitLab Patch 17.2.5 Download
- 17.3.2 GitLab Patch 17.3.2 Download

To protect your GitLab instance, you should update to one of these patched versions.

Recommendations

- Update GitLab EE/CE to the latest patched version
- Audit your repository mirror configurations to ensure that passwords are not being stored in an insecure manner

Regularly perform security audits on your GitLab instance to check for unauthorized access

- Educate users about the risks of using weak passwords and the importance of using secure password managers

Conclusion

The CVE-2024-5435 vulnerability in GitLab EE/CE is critical and may lead to the unauthorized disclosure of user passwords. By applying the recommended patches and following the recommended security practices, you can protect your GitLab instance and the sensitive information contained within.

Stay vigilant and keep your software updated to prevent attacks that could exploit this and other vulnerabilities. And, as always, maintain a proactive security mindset by educating your users and your team about good security practices.

Timeline

Published on: 09/12/2024 17:15:05 UTC
Last modified on: 09/14/2024 15:05:50 UTC