WARNING: CRITICAL ARBITRARY FILE WRITE VULNERABILITY IN GITLAB CE/EE, PATCH IMMEDIATELY!
CVE-2024-0402: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Sources
https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
Risks
A critical vulnerability was discovered in GitLab CE/EE that allows a malicious attacker with low-privilege access to compromise the GitLab server. The compromised system could be used to exfiltrate sensitive data from your organization and potentially to pivot into other networks and compromise the entire organization.
Description
CVE-2024-0402 is an arbitrary file write vulnerability which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. A malicious attacker can use this vulnerability to upload webshells or other malware to your GitLab instance, and the uploaded malicious files can then be used to compromise the GitLab server.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. This issue was resolved in versions 16.6.6, 16.7.4, and 16.8.1, and has been backported to version 16.5.8.
The Centre for Cybersecurity Belgium strongly recommends that organizations disable user sign-up functionality in their GitLab environment to limit the potential attack surface. Additionally, the CCB recommends placing any GitLab instances behind a zero-trust or VPN network for a strong defence-in-depth approach.
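The following script is an added example for this advisory; it is not CCB or GitLab code. It queries a GitLab instance for its reported version and compares it against the fixed releases listed above (16.5.8, 16.6.6, 16.7.4, 16.8.1), and reads the instance's sign-up setting so an administrator can confirm both recommendations at once. It assumes the standard GitLab REST endpoints /api/v4/version and /api/v4/application/settings and a personal access token with read_api scope (the settings endpoint requires an administrator's token). As a deliberate assumption, any version older than the earliest fixed release 16.5.8 is reported as unpatched rather than assumed unaffected.

```python
#!/usr/bin/env python3
"""Check a GitLab instance against the CVE-2024-0402 fixed versions and the
advisory's sign-up recommendation. Added example, not CCB or GitLab code."""
import json
import sys
import urllib.request

# Lowest fixed patch release per 16.x minor line, taken from the advisory:
# 16.5.8 (backport), 16.6.6, 16.7.4 and 16.8.1.
FIXED_PATCH_FOR_MINOR = {5: 8, 6: 6, 7: 4, 8: 1}


def parse_version(raw):
    """Turn '16.8.0', '16.8.1-ee' or '16.8.0-pre' into the tuple (16, 8, 0)."""
    core = raw.strip().split("-", 1)[0]
    parts = core.split(".")
    while len(parts) < 3:
        parts.append("0")
    return tuple(int(p) for p in parts[:3])


def is_patched(raw_version):
    """True if the version carries the CVE-2024-0402 fix.

    Assumption: anything older than the earliest fixed release (16.5.8) is
    reported as unpatched, so older lines are flagged conservatively.
    """
    major, minor, patch = parse_version(raw_version)
    if major > 16:
        return True
    if major < 16:
        return False  # conservative: no fixed release listed for these lines
    if minor in FIXED_PATCH_FOR_MINOR:
        return patch >= FIXED_PATCH_FOR_MINOR[minor]
    # 16.9 and later shipped after the fix; 16.0-16.4 have no fixed release listed.
    return minor > 8


def _get_json(base_url, path, token):
    """GET a JSON document from the GitLab REST API using a PRIVATE-TOKEN header."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def fetch_version(base_url, token):
    """Return the 'version' string reported by GET /api/v4/version."""
    return _get_json(base_url, "/api/v4/version", token)["version"]


def signup_enabled(base_url, admin_token):
    """Return the 'signup_enabled' flag from GET /api/v4/application/settings."""
    settings = _get_json(base_url, "/api/v4/application/settings", admin_token)
    return bool(settings["signup_enabled"])


def report(version, signup):
    """Build the list of findings for a version string and a sign-up flag."""
    findings = []
    if not is_patched(version):
        findings.append("GitLab %s is NOT patched for CVE-2024-0402; upgrade to "
                        "16.5.8, 16.6.6, 16.7.4 or 16.8.1 (or later)" % version)
    if signup:
        findings.append("open user sign-up is enabled; the advisory recommends "
                        "disabling it")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: %s https://gitlab.example.org <admin-token>" % sys.argv[0])
    url, token = sys.argv[1], sys.argv[2]
    version = fetch_version(url, token)
    findings = report(version, signup_enabled(url, token))
    for line in findings:
        print("[!] " + line)
    if not findings:
        print("[ok] GitLab %s is patched and open sign-up is disabled" % version)
```

Run it as `python3 check_gitlab.py https://gitlab.example.org <admin-token>` (the URL and token are placeholders). A non-empty findings list means at least one of the advisory's two recommendations has not yet been applied to that instance.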
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a compromise that has already occurred.
More Information
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0402