A new security vulnerability, assigned CVE-2024-9773, has been discovered in GitLab EE (Enterprise Edition). This vulnerability affects the following versions:

From 17.10 before 17.10.1

The vulnerability stems from an input validation issue in GitLab EE's Harbor registry integration that allows a maintainer to add malicious code to the CLI (Command Line Interface) commands displayed in the user interface.

In this post, we'll examine the details surrounding CVE-2024-9773, as well as discuss the implications and potential means of exploitation.

Affected Software

This vulnerability impacts GitLab EE, specifically the following version ranges, which need to be addressed to mitigate the risk:

Exploit Details

The root cause of this vulnerability is the inadequate validation of user input within the Harbor registry integration in GitLab EE. Specifically, the issue stems from GitLab EE's attempt to automatically generate Docker CLI commands for users to interact with the Harbor registry. A maintainer can inject malicious code into the automatically generated commands, which other users may then run unknowingly.

Here's a simplified code snippet that showcases the input validation issue:

# Vulnerable pattern: username and project_name are interpolated into the
# displayed command without validation or shell quoting.
def generate_docker_command(username: str, project_name: str) -> str:
    return f"docker login -u {username} --password-stdin {project_name}.registry.gitlab.example.com"

The generate_docker_command function is responsible for providing an example Docker login command to a GitLab EE user. The vulnerability is caused by the use of unsanitized user input (username and project_name), which enables an attacker to include malicious code in the auto-generated command.

To better understand the issue, consider the following scenario:

A malicious maintainer sets their "username" to "fakeusername && rm -rf /". In this case, the generated command includes this command injection payload, which would then be executed by any victim user who runs the command. To protect users from this potential harm, proper input sanitization is essential.
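As an added example (not code from the post or from GitLab), the vulnerable pattern above is shown next to a hardened version that allowlists the identifiers and shell-quotes each field, plus an audit check a template reviewer can run over rendered commands. REGISTRY_DOMAIN, the identifier grammar and all function names are assumptions for illustration.

```python
import re
import shlex

# Constructed host used for the example only; not taken from GitLab's code.
REGISTRY_DOMAIN = "registry.gitlab.example.com"

# Assumed allowlist for registry identifiers: a leading alphanumeric, then
# letters, digits, dot, underscore or hyphen. Shell metacharacters cannot match.
_SAFE_IDENT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")

# Characters that would let a single shell word carry a second command.
_SHELL_META = re.compile(r"[;&|`$<>(){}]")


def generate_docker_command_unsafe(username: str, project_name: str) -> str:
    """The pattern the post describes: raw interpolation of maintainer-controlled fields."""
    return f"docker login -u {username} --password-stdin {project_name}.{REGISTRY_DOMAIN}"


def generate_docker_command_safe(username: str, project_name: str) -> str:
    """Hardened variant with two layers: reject anything outside the identifier
    grammar, then shell-quote each argument so that, even if the allowlist were
    later relaxed, each field still renders as exactly one shell word."""
    for label, value in (("username", username), ("project_name", project_name)):
        if not _SAFE_IDENT.match(value):
            raise ValueError(f"{label} is not a valid registry identifier")
    host = f"{project_name}.{REGISTRY_DOMAIN}"
    args = ["docker", "login", "-u", shlex.quote(username), "--password-stdin", shlex.quote(host)]
    return " ".join(args)


def rendered_command_is_tainted(command: str) -> bool:
    """Audit check for UI output: a well-formed login command splits into exactly
    six shell words, and none of them carries a control character such as ';' or '&'."""
    try:
        words = shlex.split(command)
    except ValueError:  # unbalanced quoting is itself a red flag
        return True
    if len(words) != 6:
        return True
    return any(_SHELL_META.search(word) for word in words)
```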


Mitigation & Patches

GitLab has released a security patch to address this vulnerability, and it's recommended that affected users upgrade their installations to the following patched version:

GitLab EE 17.10.1

By updating to this version, users will effectively mitigate the risks posed by CVE-2024-9773.

Conclusion

CVE-2024-9773 represents a critical vulnerability in GitLab EE's Harbor registry integration, permitting attackers to exploit the input validation issue and manipulate automatically generated CLI commands. To protect your GitLab EE environment, update your installation to the relevant patched version as soon as possible.

Timeline

Published on: 03/27/2025 13:15:35 UTC
Last modified on: 03/27/2025 16:45:12 UTC