CVE-2021-39877
📋 TL;DR
This vulnerability in GitLab allows attackers to cause denial of service through uncontrolled resource consumption by uploading specially crafted files. It affects GitLab instances starting from version 12.2, potentially impacting availability for all users of vulnerable installations.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to resource exhaustion, affecting all GitLab functionality including repositories, CI/CD pipelines, and user access.
Likely Case
Degraded performance or temporary service interruptions affecting specific features or users.
If Mitigated
Minimal impact with proper monitoring and resource limits in place.
🎯 Exploit Status
Exploitation requires authenticated access to upload files. The vulnerability is documented in public bug reports with technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: GitLab 14.3.2, 14.2.5, and 14.1.7
Vendor Advisory: https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-2-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 14.3.2, 14.2.5, or 14.1.7 using your deployment method (Omnibus, source, Helm, etc.).
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict file upload permissions
Limit which users can upload files to GitLab repositories
Implement file size limits
Configure GitLab to reject files above a certain size threshold
gitlab_rails['max_file_size'] = 10.megabytes
🧯 If You Can't Patch
- Implement strict access controls to limit who can upload files
- Monitor system resources and set up alerts for unusual resource consumption
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version: an instance is vulnerable if it runs any release from 12.2 up to and including 14.1.6, any 14.2.x release up to and including 14.2.4, or any 14.3.x release up to and including 14.3.1.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Verify GitLab version is 14.3.2, 14.2.5, 14.1.7 or later using the version check command.
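The version comparison above spans three release branches with different patch levels, which is easy to get wrong by eye. The following is an added example, not part of this advisory or of GitLab's own tooling: it encodes the affected range stated above and pulls the version string out of `gitlab:env:info`-style output. The label format of that output (a line beginning with "Version:" or "GitLab version:") and the sample text are assumptions; compare them against what your instance actually prints.

```python
import re
from typing import Optional, Tuple

# Release boundaries as listed in the advisory above.
FIRST_AFFECTED = (12, 2, 0)                          # affected starting with 12.2
FIXED_PATCH = {(14, 1): 7, (14, 2): 5, (14, 3): 2}   # fixed in 14.1.7, 14.2.5, 14.3.2

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")
# Accepts "Version:<tab>14.2.3-ee" as well as "GitLab version: 14.2.3". The exact
# label printed by gitlab:env:info is an assumption here; "Ruby Version:" and
# "Gem Version:" lines are deliberately not matched.
_ENV_INFO_RE = re.compile(r"^\s*(?:gitlab\s+)?version\s*:\s*(\S+)", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from e.g. '14.2.3-ee'; a missing patch counts as 0."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(version: str) -> bool:
    """True when the version falls inside the affected range of CVE-2021-39877."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"no version number found in {version!r}")
    major, minor, patch = parsed
    if parsed < FIRST_AFFECTED:
        return False            # older than 12.2: outside the affected range
    if major < 14:
        return True             # 12.2 through 13.x: no patched release on those branches
    if major > 14:
        return False            # 15.x and later ship with the fix
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # 14.0.x lies inside the range but has no patched release listed;
        # 14.4 and later carry the fix.
        return minor == 0
    return patch < fixed


def version_from_env_info(output: str) -> Optional[str]:
    """Extract the GitLab version string from gitlab:env:info output."""
    for line in output.splitlines():
        m = _ENV_INFO_RE.match(line)
        if m:
            return m.group(1)
    return None


# Constructed sample of gitlab:env:info output (layout assumed; values made up).
SAMPLE_ENV_INFO = """\
System information
System:\t\tUbuntu 20.04
Ruby Version:\t2.7.4p191
Gem Version:\t3.1.4

GitLab information
Version:\t14.2.3-ee
Revision:\t0123456789a
"""

if __name__ == "__main__":
    ver = version_from_env_info(SAMPLE_ENV_INFO)
    print(f"GitLab {ver}: {'VULNERABLE' if is_vulnerable(ver) else 'not affected'}")
    for v in ("12.1.9", "13.12.9", "14.1.6", "14.1.7", "14.3.2"):
        print(f"{v:>8}: {'VULNERABLE' if is_vulnerable(v) else 'not affected'}")
```

On a live instance, pipe `sudo gitlab-rake gitlab:env:info` into `version_from_env_info`; the same `is_vulnerable` check also applies to the `version` field returned by GitLab's authenticated `/api/v4/version` endpoint.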
📡 Detection & Monitoring
Log Indicators:
- Unusually large file uploads
- Spikes in memory/CPU usage
- Failed file processing operations
Network Indicators:
- Large file uploads to GitLab repositories
- Increased network traffic to GitLab file endpoints
SIEM Query:
source="gitlab.log" AND ("upload" OR "file") AND size>100MB
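The SIEM query above keys on upload size, but the symptoms listed under Log Indicators (CPU spikes, failed file processing) are visible per request. The following is an added example, not code from this advisory or from GitLab: it runs over request-log lines in the shape of GitLab's production_json.log and flags upload requests that consumed unusual CPU time, plus actors with repeated failed uploads inside a sliding window. The field names (`time`, `method`, `path`, `status`, `cpu_s`, `username`, `remote_ip`) are assumed to follow that log; the sample lines and thresholds are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Thresholds for this example; tune them to your instance's baseline.
CPU_SECONDS_THRESHOLD = 10.0      # one upload request burning this much CPU is suspicious
FAILURE_WINDOW = timedelta(minutes=5)
FAILURES_PER_WINDOW = 2           # this many failed uploads by one actor inside the window


def parse_log(text: str) -> List[dict]:
    """Parse one JSON object per line; blank or malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entries.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return entries


def is_upload(entry: dict) -> bool:
    """Upload requests: a POST or PUT whose path contains an /uploads segment (assumed routing)."""
    return entry.get("method") in ("POST", "PUT") and "/uploads" in entry.get("path", "")


def _timestamp(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def _actor(entry: dict) -> str:
    return entry.get("username") or entry.get("remote_ip") or "unknown"


def find_expensive_uploads(entries: List[dict],
                           cpu_threshold: float = CPU_SECONDS_THRESHOLD) -> List[dict]:
    """Upload requests whose server-side CPU time reached the threshold."""
    return [e for e in entries if is_upload(e) and float(e.get("cpu_s", 0)) >= cpu_threshold]


def find_repeated_failures(entries: List[dict], window: timedelta = FAILURE_WINDOW,
                           threshold: int = FAILURES_PER_WINDOW) -> Dict[str, int]:
    """Actors with at least `threshold` failed (HTTP 5xx) uploads inside any sliding window."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for e in entries:
        if is_upload(e) and int(e.get("status", 0)) >= 500:
            failures[_actor(e)].append(_timestamp(e["time"]))
    flagged: Dict[str, int] = {}
    for actor, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[actor] = best
    return flagged


def detect(text: str) -> dict:
    entries = parse_log(text)
    return {
        "expensive": find_expensive_uploads(entries),
        "repeat_failures": find_repeated_failures(entries),
    }


# Constructed sample lines (values made up) in the shape of production_json.log.
SAMPLE_LOG = """
{"time":"2021-10-01T10:00:01Z","method":"POST","path":"/group/proj/uploads","status":200,"duration_s":0.41,"cpu_s":0.12,"remote_ip":"10.0.0.5","username":"alice"}
{"time":"2021-10-01T10:00:05Z","method":"POST","path":"/group/proj/uploads","status":200,"duration_s":48.2,"cpu_s":44.9,"remote_ip":"10.0.0.9","username":"mallory"}
{"time":"2021-10-01T10:00:09Z","method":"POST","path":"/group/proj/uploads","status":500,"duration_s":60.0,"cpu_s":59.1,"remote_ip":"10.0.0.9","username":"mallory"}
{"time":"2021-10-01T10:00:12Z","method":"GET","path":"/group/proj/-/issues","status":200,"duration_s":0.09,"cpu_s":0.04,"remote_ip":"10.0.0.5","username":"alice"}
{"time":"2021-10-01T10:00:15Z","method":"POST","path":"/group/proj/uploads","status":500,"duration_s":59.8,"cpu_s":58.0,"remote_ip":"10.0.0.9","username":"mallory"}
"""

if __name__ == "__main__":
    result = detect(SAMPLE_LOG)
    for e in result["expensive"]:
        print(f"expensive upload: {_actor(e)} {e['path']} cpu_s={e['cpu_s']} status={e['status']}")
    for actor, n in result["repeat_failures"].items():
        print(f"repeated upload failures: {actor} ({n} within {FAILURE_WINDOW})")
```

Feeding the real log in is a matter of reading the file instead of `SAMPLE_LOG`; the per-actor grouping falls back to `remote_ip` for unauthenticated requests so that a spike is still attributed to a source.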
🔗 References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39877.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/300095
- https://hackerone.com/reports/1077021