Sources

https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/

Risks

A Critical vulnerability was discovered in Gitlab CE/EE allowing a malicious attacker to compromise the Gitlab server with low privilege access. The compromised system could be used to exfiltrate sensitive data from your organization, and potentially used to pivot into other networks to compromise the entire organization.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. This issue was resolved in versions 16.6.6, 16.7.4, and 16.8.1, and has been backported to version 16.5.8.

The Centre for Cybersecurity Belgium strongly recommends organizations to disable user sign-up functionality in their Gitlab environment to limit the potential attack surface. Additionally, the CCB recommends placing any Gitlab instances behind a zero-trust or VPN network for a strong defence in depth approach.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

More Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0402