CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-6678

CVSS 9.9v3.1pub. 2024-09-12upd. 2024-11-21

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-290 (Authentication Bypass by Spoofing) allows an authenticated attacker to bypass identity verification mechanisms under specific circumstances. As a result, the attacker can initiate a CI/CD pipeline as if they were another, arbitrarily chosen user of the system. The vulnerability affects a wide range of versions — all releases from 8.14 and above that have not been patched.

Impact

An attacker can run CI/CD pipelines as any user, leading to unauthorized code execution, privilege escalation, leakage of secrets and environment variables stored in the pipeline, as well as compromise of the entire development environment and software supply chain.

Mitigation & patch

Update GitLab CE/EE to version 17.1.7, 17.2.5, or 17.3.2 (depending on the branch in use). Patches were released by the vendor on September 11, 2024, as part of the patch release 17.3.2.

Who is affected

GitLab CE/EE: all versions from 8.14 to 17.1.6 (inclusive), versions 17.2.0–17.2.4, and versions 17.3.0–17.3.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • GitLab

    APP
    Gitlab
    8.14.0 – 17.1.7 (bez)17.2.0 – 17.2.5 (bez)17.3.0 – 17.3.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
CI/CD
CWE
References

Related vulnerabilities

CVE-2023-7028CRITICAL10.0⚠ KEVPL ✓ten sam produkt

GitLab: Przejęcie konta przez reset hasła na niezweryfikowany e-mail

CVE-2021-22205CRITICAL10.0⚠ KEVten sam produkt

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properl...

CVE-2024-7102CRITICAL9.6PL ✓ten sam produkt

GitLab CE/EE: uruchomienie pipeline jako inny użytkownik (privilege escalation)

CVE-2024-9164CRITICAL9.6PL ✓ten sam produkt

GitLab EE: uruchamianie pipeline CI/CD na dowolnych gałęziach bez autoryzacji

CVE-2024-45409CRITICAL10.0PL ✓ten sam produkt

Ruby-SAML: pominięcie weryfikacji podpisu odpowiedzi SAML — Auth Bypass