CVE-2024-6389 - Guest User Access To Commit Information Via Release Atom Endpoint in GitLab-CE/EE
CVE-2024-6389 is a security vulnerability found in GitLab Community Edition (CE) and Enterprise Edition (EE) that affects all versions starting from 17. before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. In this critical issue, an attacker with guest user access rights can inappropriately access commit information through the release Atom endpoint, contrary to the defined permissions.
Exploit Details
Under GitLab's permission model, a guest user should not be able to read sensitive data such as commit details. CVE-2024-6389, however, lets an attacker holding only guest privileges bypass that restriction and obtain commit information through the release Atom endpoint.
The impact of this vulnerability can be significant, as it permits unauthorized users to view critical information that should be restricted to authorized users only.
Code Snippet
def atom
  # All releases for the project; releases themselves are visible to guests.
  @releases = Release.where(project_id: @project.id)
  @ref = params[:id]
  if @ref
    # Commits for the requested ref are loaded for any caller who can reach
    # this action; nothing here checks whether the caller may read code.
    @commits = @project.repository.commits(@ref)
    if @commits
      @releases = @releases.where(tag: @ref)
    end
  end
  respond_to do |format|
    format.atom { render layout: false }
  end
end
The code snippet above is the vulnerable controller action through which an attacker with guest access can reach commit details. It loads the releases for the project and then reads the reference parameter from the URL. If a reference is present, the action fetches the commits for that reference and, when the lookup succeeds, narrows the releases to that tag before rendering the Atom feed; at no point does it check that the caller is permitted to read the repository.
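As an added example, which is neither GitLab's code nor its actual patch, the plain Ruby below models the action above in its vulnerable shape beside a hardened shape in which the commit lookup is gated by a permission check. The access levels, the can_read_code? helper and the sample project are assumptions constructed for this example.

```ruby
# Constructed stand-in for GitLab's role model (assumption: guests may read
# releases, while reading code requires reporter access or above).
ACCESS = { guest: 10, reporter: 20 }.freeze

Project = Struct.new(:id, :commits_by_ref, :releases)
Release = Struct.new(:tag, :name)

# Assumed policy helper; GitLab's real check is not reproduced here.
def can_read_code?(user_level)
  user_level >= ACCESS[:reporter]
end

# Vulnerable shape: commits are returned purely because a ref was supplied,
# regardless of who is asking.
def atom_vulnerable(project, ref)
  releases = project.releases
  commits = nil
  if ref
    commits = project.commits_by_ref[ref]
    releases = releases.select { |r| r.tag == ref } if commits
  end
  { releases: releases, commits: commits }
end

# Hardened shape: releases (guest-visible) are still filtered by tag, but the
# commit lookup only happens for callers allowed to read code.
def atom_hardened(project, ref, user_level)
  releases = project.releases
  commits = nil
  if ref
    releases = releases.select { |r| r.tag == ref }
    commits = project.commits_by_ref[ref] if can_read_code?(user_level)
  end
  { releases: releases, commits: commits }
end

# Constructed sample project with one tagged ref and two releases.
SAMPLE = Project.new(
  1,
  { 'v1.0' => ['abc123 Fix login', 'def456 Add docs'] },
  [Release.new('v1.0', 'First'), Release.new('v2.0', 'Second')]
)

if __FILE__ == $PROGRAM_NAME
  p atom_vulnerable(SAMPLE, 'v1.0')[:commits]            # guest sees commits
  p atom_hardened(SAMPLE, 'v1.0', ACCESS[:guest])[:commits] # nil
end
```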
Links to Original References
1. GitLab Security Advisory: https://about.gitlab.com/releases/2024/02/02/security-release-gitlab-17-dot-1-dot-7-released/
2. GitLab Release Notes 17.1.7: https://docs.gitlab.com/ee/security/gitlab_versions.html#gitlab-security-releases
3. GitLab Commit: https://gitlab.com/gitlab-org/gitlab-foss/-/commit/233adb8e3f78f44cc89f502a4cb1e43502b6647c
4. NVD CVE-2024-6389: https://nvd.nist.gov/vuln/detail/CVE-2024-6389
GitLab has addressed this issue in the following version updates:
- GitLab CE/EE version 17.1.7
- GitLab CE/EE version 17.2.5
- GitLab CE/EE version 17.3.2
It is highly recommended to update your GitLab instances to one of these patched versions to mitigate the risk associated with this vulnerability.
Conclusion
The CVE-2024-6389 vulnerability found in GitLab CE and EE has severe implications, as it allows potential attackers to bypass security measures and access commit information as guest users. Organizations and individuals must take immediate action to patch their GitLab instances by upgrading to secure versions. By doing so, they can help ensure the integrity and confidentiality of their valuable data.
Timeline
Published on: 09/12/2024 17:15:05 UTC
Last modified on: 09/14/2024 15:10:39 UTC