www.belgium.be Logo of the federal government

WARNING: HIGH PRIVILEGE ESCALATION IN GITLABCE, GITLABEE, PATCH IMMEDIATELY!

Referentie: 
Advisory #2024-275
Versie: 
1.0
Geïmpacteerde software: 
8.12 to 17.4.4
17.5.0 to 17.5.2
17.6.0
Type: 
Privilege Escalation
CVE/CVSS: 

CVE-2024-8114: CVSS 8.2(CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)

Bronnen

https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/

Risico’s

GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) products. The updates, available in versions 17.6.1, 17.5.3, and 17.4.5, include essential bug fixes and security patches, addressing a high-severity privilege escalation vulnerability

Beschrijving

This high severity vulnerability in GitLab allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. It is strongly recommended that all affected installations be upgraded to the latest version at the earliest opportunity.

Aanbevolen acties

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

Referenties

https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/