CVE-2024-8116: Critical Vulnerability in GitLab CE/EE Allows Unauthorized Retrieval of Branch Names Using GraphQL Query
A critical vulnerability (CVE-2024-8116) has been discovered in GitLab, a popular web-based DevOps platform that streamlines software development, affecting both the Community Edition (CE) and Enterprise Edition (EE). Researchers found that all versions starting from 16.9 to before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2 are susceptible to this exploit. A threat actor could potentially use a specific GraphQL query to retrieve branch names without proper authorization under specific conditions. Immediate action is required to patch affected instances of GitLab.
Exploit Details
The vulnerability in question is a information disclosure vulnerability that allows unauthorized users to retrieve sensitive information (branch names) within a GitLab repository. This data may provide an attacker with insights into internal projects, development processes, and potential vulnerabilities within the software. The attacker crafts a specialized GraphQL query, exploiting the affected version of GitLab, and can extract information that was never intended to be disclosed.
Code Snippet
The following is a sample GraphQL query that will trigger the vulnerability, allowing an attacker to extract branch names in an unauthorized manner:
query {
project(fullPath: "sample/repo") {
repository {
branches {
nodes {
name
}
}
}
}
}
This query targets a specific repository (replacing "sample/repo" with the target) and asks for the branch names within it. The GraphQL engine processes and returns the data, bypassing any intended authorization checks.
References and Sources
This vulnerability, tracked as CVE-2024-8116, has been officially acknowledged and documented by the GitLab team. It is highly recommended to consult the following sources for an in-depth understanding of the issue and instructions on how to mitigate its effects:
- GitLab Security Release: 17.6.2, 17.5.4, and 17.4.6
- Official CVE Record: CVE-2024-8116
Recommended Actions and Mitigation
GitLab has released security patches for the affected versions, and it is imperative to update instances as soon as possible. Failure to do so may put your GitLab instance and sensitive data at risk.
The following table provides guidance on which versions to upgrade to for each affected release
| Affected Version | Patched Version |
| --- | --- |
| 16.9.x to 17.4.5 | 17.4.6 |
| 17.5.x to 17.5.3 | 17.5.4 |
| 17.6.x to 17.6.1 | 17.6.2 |
In conclusion, GitLab administrators should be aware of the CVE-2024-8116 vulnerability allowing unauthorized retrieval of branch names and take immediate action to apply the recommended patches. Ensuring the security of your GitLab instance is crucial in protecting your valuable software development projects from unauthorized access and potential harm.
Timeline
Published on: 12/16/2024 05:15:05 UTC