GitLab CE/EE Vulnerability Allows Attacker to Trigger Pipeline as Another User
CVE-2024-6385

9.6 CRITICAL

Key Information:

Vendor: GitLab
Status: Vendor
CVE Published: 11 July 2024

Badges

👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

Summary

A critical vulnerability, tracked as CVE-2024-6385, has been found in GitLab CE/EE. It affects versions from 15.8 prior to 16.11.6, from 17.0 prior to 17.0.4, and from 17.1 prior to 17.1.2. The vulnerability allows an attacker to trigger a pipeline as another user under certain circumstances, potentially enabling arbitrary pipeline job execution. GitLab has issued a patch for this flaw, and users should update as soon as possible to mitigate the risk.

While there is no evidence of exploitation by ransomware groups, the potential impact is significant: the flaw could allow attackers to run malicious code, access sensitive data, and compromise software integrity. Additionally, the earlier CVE-2024-5655 vulnerability highlights the need for organizations to move beyond reactive security measures and continuously monitor development tools for security risks.

Affected Version(s)

GitLab 15.8 < 16.11.6

GitLab 17.0 < 17.0.4

GitLab 17.1 < 17.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

GitLab patches 2nd critical pipeline vulnerability in last month

CVE-2024-6385, like another bug patched last month, could allow attackers to run pipelines as any user.

2 months ago

Severe vulnerabilities addressed by GitLab, others

GitLab has issued a fix for the critical flaw in GitLab Community Edition and Enterprise Edition software, tracked as CVE-2024-6385, which could be leveraged for arbitrary pipeline job execution.

7 months ago

GitLab patches 2nd critical pipeline vulnerability in last month

CVE-2024-6385, like another bug patched last month, could allow attackers to run pipelines as any user.

7 months ago

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 📰 First article discovered by IT Pro

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program.