A security vulnerability was recently disclosed in GitLab CE/EE (Community Edition and Enterprise Edition). It affects all versions from 16.0 through 17.3.6, from 17.4.0 through 17.4.3, and from 17.5.0 through 17.5.1. Under certain configurations, the issue could have allowed unauthorized access to the Kubernetes agent in a cluster. GitLab has released patched versions that close the issue. In this post, we look at what is known about this vulnerability, CVE-2024-9693, and provide guidance on how to safeguard your GitLab deployment.
The Vulnerability
The vulnerability concerns the GitLab agent for Kubernetes, the component that connects a cluster to GitLab so that projects can deploy to it and inspect it from within GitLab. In certain configurations, users who should not have been authorized could gain access to the agent and perform actions through it without the proper permissions. Because the agent acts inside the cluster, that could lead to unauthorized changes to cluster workloads, affecting both their security and their functionality.
Exploit Details
The specifics of how the vulnerability is exploited have not been published. GitLab has, however, described the affected configurations that could lead to unauthorized access. The vulnerability is present when:
Code Snippet
Independently of the patch, the agent configuration file should grant access as narrowly as possible. The file lives in the agent's project at .gitlab/agents/<agent-name>/config.yaml, and its ci_access and user_access sections decide which projects and groups may use the agent. The following example scopes both kinds of access to a single project rather than to a whole group (the agent and project names are placeholders):

# .gitlab/agents/<agent-name>/config.yaml
# Grant access only to the projects that actually deploy through this agent.
ci_access:
  projects:
    - id: my-group/my-project
user_access:
  access_as:
    agent: {}
  projects:
    - id: my-group/my-project

The agent configuration file does not itself contain Kubernetes manifests. Workloads such as the following deployment are applied separately, through CI/CD jobs or GitOps, by whichever project has been granted access above:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  ...
The snippet above is only an illustration. Consult the documentation for your GitLab version and tailor the configuration file, in particular the projects and groups listed under ci_access and user_access, to the access your organization actually requires.
Mitigation
To address CVE-2024-9693, GitLab has released security patches for each affected release line. Upgrade to the patched version for your line (or later):
- GitLab CE/EE 17.3.7
- GitLab CE/EE 17.4.4
- GitLab CE/EE 17.5.2
Upgrading to one of these versions removes the possibility of unauthorized access through this vulnerability. Instances on 16.x through 17.2.x have no patched release on their own line and need to move to 17.3.7 or later. For comprehensive upgrade instructions, refer to the official GitLab documentation:
- Upgrading GitLab CE
- Upgrading GitLab EE
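Before planning the upgrade, it helps to know exactly where an instance sits relative to the affected ranges listed above. The script below is an added example for this post, not code from GitLab; it encodes the three affected ranges, classifies a version string, and names the patched release to move to. The optional fetch helper reads the version from GitLab's /api/v4/version endpoint, which requires a personal access token; the base URL and token are assumptions you supply.

```python
"""Classify a GitLab version against the CVE-2024-9693 affected ranges."""
import json
import urllib.request

# Affected ranges from the advisory, as [first affected, first fixed).
# 16.0 through 17.2.x are covered by the first range, whose fix is 17.3.7.
AFFECTED_RANGES = (
    ((16, 0, 0), (17, 3, 7)),
    ((17, 4, 0), (17, 4, 4)),
    ((17, 5, 0), (17, 5, 2)),
)


def parse_version(version: str) -> tuple:
    """Turn '17.4.3', '17.4.3-ee' or '17.4' into a comparable (major, minor, patch) tuple.

    GitLab reports versions such as '17.4.3-ee'; the edition suffix is dropped and
    missing components default to 0. A ValueError surfaces for anything non-numeric.
    """
    core = version.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version: str) -> bool:
    """True if the version falls inside any affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str):
    """Return the patched release to upgrade to, or None if the version is not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def fetch_instance_version(base_url: str, token: str) -> str:
    """Read the running version from GitLab's /api/v4/version endpoint (needs auth).

    base_url and token are supplied by the caller, e.g. 'https://gitlab.example.com'
    and a personal access token with at least read_api scope.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Constructed sample versions, no network access needed.
    for sample in ("16.11.2", "17.3.6-ee", "17.3.7", "17.4.3-ee", "17.5.1", "17.6.0"):
        fix = fixed_version_for(sample)
        status = f"VULNERABLE, upgrade to {fix}" if fix else "not affected"
        print(f"{sample:12s} {status}")
```

To check a live instance, call fetch_instance_version with your URL and token and pass the result to fixed_version_for; a None result means the instance is already on a patched release.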
For more information on this vulnerability, consult the following sources:
- GitLab Security Release: 17.5.2, 17.4.4, and 17.3.7
- CVE-2024-9693: GitLab Unauthorized Access
Conclusion
Vulnerabilities such as CVE-2024-9693 can have serious consequences for the affected software and for the organizations that run it, all the more so when the component involved has privileged access to production clusters. Staying informed about such issues, applying the patched releases promptly, and keeping agent access scoped to the projects that need it will minimize the risk and keep a GitLab deployment both secure and functional.
Timeline
Published on: 11/14/2024 11:15:05 UTC
Last modified on: 11/15/2024 13:58:08 UTC