CVE-2024-6389 - Guest User Access To Commit Information Via Release Atom Endpoint in GitLab-CE/EE

CVE-2024-6389 is a security vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting all versions starting from 17. before 17.1.7, from 17.2 before 17.2.5, and from 17.3 before 17.3.2. In this critical issue, a user holding only Guest access rights can read commit information through the release Atom endpoint, contrary to the permissions defined for that role.

Exploit Details

Under GitLab's permission model, a user with the Guest role is not supposed to be able to read repository data such as commit details. CVE-2024-6389 lets a user with only Guest privileges bypass that restriction and retrieve commit information through the release Atom endpoint.

The impact of this vulnerability can be significant: it lets users who are only meant to see release metadata view commit details that should be restricted to members with permission to read the repository.

Code Snippet

# Simplified controller action behind the release Atom endpoint, as shown on this page.
def atom
  @releases = Release.where(project_id: @project.id)
  # The ref comes straight from the URL parameter.
  @ref = params[:id]
  if @ref
    # Commits for the ref are loaded for any caller who can reach the endpoint;
    # there is no check here that the current user may read repository code.
    @commits = @project.repository.commits(@ref)
    if @commits
      @releases = @releases.where(tag: @ref)
    end
  end

  respond_to do |format|
    # The Atom template renders @releases and @commits to the caller.
    format.atom { render layout: false }
  end
end

The snippet above shows the server-side logic that makes the vulnerability possible, not an exploit. The action loads the releases for the project and then reads the reference parameter from the URL. If a reference is present, it fetches the commits for that reference and renders them in the feed without first checking that the current user is permitted to read repository code, which is how a Guest ends up with commit details.
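To make the missing check concrete, the following is an added example (not GitLab's code, and not the page's snippet) that models the release Atom action with a vulnerable and a hardened form side by side. The Project, Release and Commit classes, the role levels and the can_read_code? predicate are constructed stand-ins for this example; only the shape of the action follows the snippet above.

```ruby
# Added example, not GitLab's code: a minimal model of the release Atom action.
# Project, Release, Commit, ROLE_LEVEL and can_read_code? are constructed
# stand-ins for this illustration.

Commit  = Struct.new(:sha, :message, :ref)
Release = Struct.new(:tag, :name)

class Project
  attr_reader :releases

  def initialize(releases:, commits:)
    @releases = releases
    @commits  = commits
  end

  # Stand-in for @project.repository.commits(ref): commits reachable from a ref,
  # or nil when the ref is unknown (mirrors the nil check in the snippet).
  def commits_for(ref)
    list = @commits.select { |c| c.ref == ref }
    list.empty? ? nil : list
  end
end

# Role names follow GitLab's; treating Reporter and above as allowed to read
# repository code is an assumption made for this example.
ROLE_LEVEL = { guest: 10, reporter: 20, developer: 30 }.freeze

def can_read_code?(role)
  ROLE_LEVEL.fetch(role) >= ROLE_LEVEL[:reporter]
end

# Vulnerable form: mirrors the snippet. The caller's role is accepted but never
# consulted, so a Guest receives commit data for any ref they name.
def atom_vulnerable(project, _role, ref)
  releases = project.releases
  commits = nil
  if ref
    commits = project.commits_for(ref)
    releases = releases.select { |r| r.tag == ref } if commits
  end
  { releases: releases, commits: commits }
end

# Hardened form: the release filter depends only on the tag in the URL, and the
# repository is queried only when the caller may read code. A Guest still gets
# the release feed, but the commit collection stays empty.
def atom_hardened(project, role, ref)
  releases = project.releases
  releases = releases.select { |r| r.tag == ref } if ref
  commits = (ref && can_read_code?(role)) ? project.commits_for(ref) : nil
  { releases: releases, commits: commits }
end

# Constructed sample data for the demonstration.
SAMPLE_PROJECT = Project.new(
  releases: [Release.new('v1.0', 'First'), Release.new('v1.1', 'Second')],
  commits:  [Commit.new('a1b2c3', 'Fix parser', 'v1.1'),
             Commit.new('d4e5f6', 'Add docs', 'v1.1')]
)

if __FILE__ == $PROGRAM_NAME
  puts "guest, vulnerable: #{atom_vulnerable(SAMPLE_PROJECT, :guest, 'v1.1')[:commits].map(&:sha).inspect}"
  puts "guest, hardened:   #{atom_hardened(SAMPLE_PROJECT, :guest, 'v1.1')[:commits].inspect}"
  puts "reporter, hardened: #{atom_hardened(SAMPLE_PROJECT, :reporter, 'v1.1')[:commits].map(&:sha).inspect}"
end
```

Two design points are worth noting. First, the authorization decision is made before the repository is touched, so the unprivileged path never loads commit objects at all rather than loading and then hiding them. Second, the hardened form filters releases by the tag string alone instead of by whether commits were found, so the Guest-visible output no longer depends on repository contents; in the vulnerable form the presence or absence of the tag filter itself leaked whether a ref exists.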


GitLab has addressed this issue in the following version updates:

- GitLab CE/EE version 17.1.7
- GitLab CE/EE version 17.2.5
- GitLab CE/EE version 17.3.2

It is highly recommended to update your GitLab instances to one of these patched versions to mitigate the risk associated with this vulnerability.

Conclusion

The CVE-2024-6389 vulnerability found in GitLab CE and EE has severe implications, as it allows potential attackers to bypass security measures and access commit information as guest users. Organizations and individuals must take immediate action to patch their GitLab instances by upgrading to secure versions. By doing so, they can help ensure the integrity and confidentiality of their valuable data.

Timeline

Published on: 09/12/2024 17:15:05 UTC
Last modified on: 09/14/2024 15:10:39 UTC