CVE-2024-10925
📋 TL;DR
This vulnerability in GitLab Enterprise Edition allows Guest users to read Security policy YAML files, potentially exposing sensitive security configuration details. It affects all GitLab-EE instances running vulnerable versions, allowing unauthorized access to security policy information.
💻 Affected Systems
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Guest users could access sensitive security policy configurations, potentially revealing security controls, secrets, or internal security posture information that could aid in further attacks.
Likely Case
Unauthorized users gain visibility into security policies, which could help them understand security controls and potentially identify weaknesses or bypass mechanisms.
If Mitigated
With proper access controls and monitoring, the impact is limited to information disclosure of security policy configurations without direct system compromise.
🎯 Exploit Status
Exploitation requires Guest user access. The vulnerability is an authorization bypass that allows reading security policy files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.7.6, 17.8.4, 17.9.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/502857
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab EE version 17.7.6, 17.8.4, or 17.9.1, depending on your current version track.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Guest User Access
Temporarily restrict or disable Guest user access to projects containing sensitive security policies.
# Navigate to project settings and adjust Guest permissions
# Or use API to modify project access controls
🧯 If You Can't Patch
- Review and audit Guest user permissions across all projects
- Implement additional monitoring for unauthorized access attempts to security policy files
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the Admin Area or the command line. If you are running GitLab EE version 16.2 through 17.7.5, 17.8 through 17.8.3, or 17.9 through 17.9.0, you are vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
After patching, verify version is 17.7.6, 17.8.4, or 17.9.1. Test that Guest users can no longer access security policy YAML files.
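As an added example (not from this advisory or from GitLab), a Python check that reads the `Version:` line from `gitlab-rake gitlab:env:info` output and classifies it against the version ranges stated above; the sample output below is constructed, and the classification labels are this example's own.

```python
import re

# Vulnerable ranges stated in this advisory, inclusive: 16.2 through 17.7.5,
# 17.8 through 17.8.3, and 17.9 through 17.9.0.
VULNERABLE_RANGES = [
    ((16, 2, 0), (17, 7, 5)),
    ((17, 8, 0), (17, 8, 3)),
    ((17, 9, 0), (17, 9, 0)),
]

# First fixed release on each affected track, per the advisory.
FIXED_VERSIONS = [(17, 7, 6), (17, 8, 4), (17, 9, 1)]

# Constructed sample of `gitlab-rake gitlab:env:info` output (not real data).
SAMPLE_ENV_INFO = """\
System information
System:         Ubuntu 22.04
GitLab information
Version:        17.8.2-ee
Revision:       deadbeef (constructed)
"""


def parse_version(text):
    """Return (major, minor, patch) from a string like '17.8.2-ee', or None."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def version_from_env_info(output):
    """Pull the version from the 'Version:' line, as the grep on this page does."""
    for line in output.splitlines():
        if line.strip().startswith("Version:"):
            return parse_version(line)
    return None


def classify(version):
    """'fixed' if at or above the fixed release on its track, 'vulnerable' if
    inside a stated range, else 'not-covered' (outside the advisory's ranges)."""
    for fixed in FIXED_VERSIONS:
        if version[:2] == fixed[:2] and version >= fixed:
            return "fixed"
    for low, high in VULNERABLE_RANGES:
        if low <= version <= high:
            return "vulnerable"
    return "not-covered"


if __name__ == "__main__":
    v = version_from_env_info(SAMPLE_ENV_INFO)
    print(v, classify(v))
```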
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to security policy files by Guest users
- Access logs showing Guest users reading YAML files in security policy directories
Network Indicators:
- HTTP requests to security policy endpoints from Guest user accounts
SIEM Query:
source="gitlab" AND user_role="guest" AND (uri_path="/security/policies" OR file_extension=".yml" OR file_extension=".yaml")