WARNING: TWO CRITICAL AND THREE HIGH-SEVERITY VULNERABILITIES ARE AFFECTING GITLAB COMMUNITY EDITION (CE) AND GITLAB ENTERPRISE EDITION (EE)

Published : 14/10/2024

Reference:
Advisory #2024-240

Version:
1.1

Affected software:
GitLab Community Edition: all versions starting from: 11.6 prior to 17.2.9; 12.5 prior to 17.2.9; 17.3 prior to 17.3.5; 17.4 prior to 17.4.2
GitLab Enterprise Edition versions 3.15

Type:
Authorization bypass; Remote Code Execution (RCE); Server-Side Request Forgery (SSRF)

CVE/CVSS:

CVE-2024-9164 CVSS:9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
CVE-2024-8970 CVSS:8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)
CVE-2024-8977 CVSS:8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)
CVE-2024-6530 CVSS:7.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Risks

GitLab is an open-source code repository and collaborative software development platform for large DevOps and DevSecOps projects.
The present vulnerabilities have a HIGH impact on Confidentiality and Integrity.

Description

CVE-2024-9164
Allows unauthorized users to trigger Continuous Integration/Continuous Delivery (CI/CD) pipelines on any branch of a repository, which could lead to code execution.
 
CVE-2024-8970
Allows an attacker to trigger a pipeline as another user under certain circumstances.
 
CVE-2024-8977
Instances with the Product Analytics Dashboard configured and enabled could be vulnerable to Server-Side Request Forgery (SSRF) attacks.
 
CVE-2024-6530
A cross-site scripting issue. When authorising a new application, it can be made to render as HTML under specific circumstances. This could allow attackers to inject malicious scripts and steal user data.

Recommended Actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory. 
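As an added example (not part of the CCB advisory), the check below compares a GitLab version string, such as the `version` field returned by an instance's `GET /api/v4/version` endpoint, against the affected Community Edition ranges listed above. The sample JSON response is constructed for illustration.

```python
"""Check a GitLab version against the affected ranges listed in this advisory."""
import json
from typing import List, Tuple

Version = Tuple[int, int, int]

# Affected ranges taken from the advisory, as [first affected, first fixed).
# 11.6 and 12.5 both fall in the range fixed by 17.2.9, so one entry covers both.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((11, 6, 0), (17, 2, 9)),
    ((17, 3, 0), (17, 3, 5)),
    ((17, 4, 0), (17, 4, 2)),
]

# Constructed sample of the JSON shape returned by GET /api/v4/version
# (the real call needs an authenticated request; the token is not shown here).
SAMPLE_RESPONSE = '{"version": "17.3.4-ee", "revision": "0123456789a"}'


def parse_version(text: str) -> Version:
    """Turn '17.3.4-ee' or '17.4' into a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0]   # drop '-ee'/'-ce' suffixes
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:                           # pad '17.4' to (17, 4, 0)
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_affected(text: str) -> bool:
    """True if the version falls inside any affected range from the advisory."""
    v = parse_version(text)
    return any(start <= v < fixed for start, fixed in AFFECTED_RANGES)


def check_instance(response_body: str) -> dict:
    """Evaluate the JSON body of a /api/v4/version response."""
    data = json.loads(response_body)
    return {"version": data["version"], "affected": is_affected(data["version"])}


if __name__ == "__main__":
    print(check_instance(SAMPLE_RESPONSE))
```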
 
Monitor/Detect
 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
