CVE-2024-10240
📋 TL;DR
This CVE describes an information disclosure vulnerability in GitLab EE where an unauthenticated user can read some information about merge requests in private projects under certain circumstances. It affects GitLab EE versions 17.3.0-17.3.6, 17.4.0-17.4.3, and 17.5.0-17.5.1. The vulnerability allows unauthorized access to potentially sensitive merge request details.
💻 Affected Systems
- GitLab EE
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could extract sensitive information from private project merge requests, potentially exposing proprietary code, internal discussions, or security-related information.
Likely Case
Limited information disclosure about merge requests in private projects, potentially revealing metadata, titles, or partial content.
If Mitigated
Minimal impact if proper network segmentation and access controls prevent unauthenticated users from reaching GitLab instances.
🎯 Exploit Status
The vulnerability requires specific circumstances but is exploitable without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.3.7, 17.4.4, or 17.5.2
Vendor Advisory: https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab EE version 17.3.7, 17.4.4, or 17.5.2 depending on your current version.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict API Access
Implement network-level restrictions to prevent unauthenticated access to GitLab API endpoints. Note that the port-level firewall rules below block the web UI as well as the API, so only use them if all legitimate users come from the trusted range.
# Allow HTTPS to GitLab only from a trusted network (replace 203.0.113.0/24 with your own range)
iptables -A INPUT -p tcp --dport 443 -s 203.0.113.0/24 -j ACCEPT
# Drop HTTPS from everywhere else
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit GitLab access to authorized users only
- Monitor API access logs for unusual unauthenticated requests to merge request endpoints
🔍 How to Verify
Check if Vulnerable:
Check GitLab version via admin interface or command: sudo gitlab-rake gitlab:env:info | grep 'Version:'
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
Confirm version is 17.3.7, 17.4.4, or 17.5.2 or higher using the same command
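An added example (not part of this advisory or of GitLab's own tooling) that turns the version check above into a script: it parses the "Version:" line printed by sudo gitlab-rake gitlab:env:info and compares it against the affected ranges stated on this page. The assumed input format is the MAJOR.MINOR.PATCH string from that output (for example "Version: 17.4.2-ee"); versions outside the three listed release lines are simply reported as not listed.

```python
"""Check a GitLab EE version string against the ranges affected by CVE-2024-10240.

Added example, not part of the advisory or GitLab's tooling. The affected and
fixed versions are the ones stated on the page; the input is assumed to be the
"Version:" line from `sudo gitlab-rake gitlab:env:info`, e.g. "Version: 17.4.2-ee".
"""
import re

# (first affected, first fixed) per release line, taken from the advisory text.
# The fixed version itself is excluded from the affected range.
AFFECTED_RANGES = (
    ((17, 3, 0), (17, 3, 7)),
    ((17, 4, 0), (17, 4, 4)),
    ((17, 5, 0), (17, 5, 2)),
)


def parse_version(text):
    """Extract MAJOR.MINOR.PATCH as a tuple from text such as 'Version: 17.4.2-ee'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(text):
    """True when the version falls inside one of the affected ranges."""
    v = parse_version(text)
    return any(lo <= v < fixed for lo, fixed in AFFECTED_RANGES)


def recommended_fix(text):
    """Return the patch version for this release line, or None if not affected."""
    v = parse_version(text)
    for lo, fixed in AFFECTED_RANGES:
        if lo <= v < fixed:
            return ".".join(map(str, fixed))
    return None


if __name__ == "__main__":
    import sys

    # Pipe the rake output in: sudo gitlab-rake gitlab:env:info | grep 'Version:' | python3 check.py
    line = sys.stdin.readline()
    fix = recommended_fix(line)
    if fix:
        print(f"AFFECTED: {parse_version(line)} -> upgrade to {fix}")
    else:
        print(f"not in a listed affected range: {parse_version(line)}")
```

The check only covers the ranges this page lists; it says nothing about older release lines, so treat "not in a listed affected range" as "consult the vendor advisory", not as "safe".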
📡 Detection & Monitoring
Log Indicators:
- Unusual unauthenticated API requests to merge request endpoints
- 401/403 errors followed by successful 200 responses to MR endpoints
Network Indicators:
- Unusual traffic patterns to /api/v4/projects/*/merge_requests/* endpoints from unauthenticated sources
SIEM Query:
source="gitlab" AND (uri_path="/api/v4/projects/*/merge_requests/*" OR uri_path LIKE "/api/v4/projects/%/merge_requests/%") AND http_status=200 AND auth_status="unauthenticated"
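An added example (not part of this advisory) that applies the log indicators above to GitLab's api_json.log, which records one JSON object per API request. It assumes the field names path, status, remote_ip and user_id as documented for that log, and takes an absent or null user_id to mean the request carried no authentication; the sample lines are constructed for the example. It flags HTTP 200 responses to project merge request endpoints from unauthenticated callers and tallies them per source address.

```python
"""Flag unauthenticated successful requests to merge request API endpoints.

Added example, not part of the advisory. Reads api_json.log lines (one JSON
object per request). Assumed fields: path, status, remote_ip, user_id; a
missing or null user_id is treated as an unauthenticated request. Sample log
lines below are constructed.
"""
import json
import re
from collections import Counter

# Project-scoped MR endpoints: /api/v4/projects/<id>/merge_requests[/<iid>/...]
# <id> may be numeric or a URL-encoded path such as group%2Fproject.
MR_PATH = re.compile(r"^/api/v4/projects/[^/]+/merge_requests(/|$)")

# Constructed sample: two unauthenticated 200s on MR endpoints, one authenticated
# 200, one unauthenticated 401, one unrelated path, one malformed line.
SAMPLE_LOG = """\
{"time":"2024-11-14T10:00:01Z","method":"GET","path":"/api/v4/projects/42/merge_requests/7","status":200,"remote_ip":"198.51.100.9","user_id":null,"username":null}
{"time":"2024-11-14T10:00:02Z","method":"GET","path":"/api/v4/projects/42/merge_requests/7","status":200,"remote_ip":"203.0.113.5","user_id":12,"username":"alice"}
{"time":"2024-11-14T10:00:03Z","method":"GET","path":"/api/v4/projects/42/merge_requests","status":401,"remote_ip":"198.51.100.9","user_id":null,"username":null}
{"time":"2024-11-14T10:00:04Z","method":"GET","path":"/api/v4/projects/42","status":200,"remote_ip":"198.51.100.9","user_id":null,"username":null}
{"time":"2024-11-14T10:00:05Z","method":"GET","path":"/api/v4/projects/43/merge_requests/1/notes","status":200,"remote_ip":"198.51.100.9"}
not json at all
"""


def is_unauthenticated(entry):
    """Assumption: no user_id (or null) means the request was not authenticated."""
    return entry.get("user_id") is None


def find_suspicious(lines):
    """Return entries that hit an MR endpoint, got HTTP 200 and carried no user."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        path = entry.get("path", "")
        if MR_PATH.match(path) and entry.get("status") == 200 and is_unauthenticated(entry):
            hits.append(entry)
    return hits


def summarize_by_ip(hits):
    """Count suspicious hits per source address for triage."""
    return Counter(h.get("remote_ip", "?") for h in hits)


if __name__ == "__main__":
    # Real use: open("/var/log/gitlab/gitlab-rails/api_json.log") instead of SAMPLE_LOG
    hits = find_suspicious(SAMPLE_LOG.splitlines())
    for h in hits:
        print(h.get("time"), h.get("remote_ip"), h.get("path"))
    print(summarize_by_ip(hits))
```

Unauthenticated 200s are expected for public projects, so on a real instance filter the hits to private project ids (or the whole instance, if it allows no public projects) before treating them as indicators; the tally per address is what makes the 401/403-then-200 pattern listed above stand out.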