CVE-2024-11931
📋 TL;DR
This vulnerability allows users with developer role in GitLab to exfiltrate protected CI/CD variables via the CI lint feature. It affects GitLab Community Edition and Enterprise Edition installations running vulnerable versions. The issue occurs under specific conditions where developers can access sensitive CI variables they shouldn't normally see.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
GitLab by GitLab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Developers could steal sensitive CI/CD variables containing secrets like API keys, database credentials, or deployment tokens, leading to data breaches, unauthorized access to external systems, or supply chain compromise.
Likely Case
Developers with access to CI lint could accidentally or intentionally view protected variables containing non-critical configuration data, potentially exposing internal system details or limited access credentials.
If Mitigated
With proper role-based access controls and audit logging, impact is limited to authorized developers viewing variables they should not see, and monitoring can detect suspicious access patterns.
🎯 Exploit Status
Requires developer-level authenticated access and knowledge of how to trigger the specific CI lint condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.6.4, 17.7.3, or 17.8.1
Vendor Advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab 17.6.4, 17.7.3, or 17.8.1 depending on your current version.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Developer Access to CI Lint
Temporarily remove developer access to the CI lint feature via project settings or group settings.
Audit Protected CI Variables
Review and rotate any sensitive CI variables that developers might have accessed.
🧯 If You Can't Patch
- Implement strict monitoring of CI lint API access and alert on unusual patterns
- Rotate all protected CI variables and implement more granular access controls
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin panel or the command line. If the version falls within the affected ranges and developers have CI lint access, the instance is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
After patching, verify that the running version is 17.6.4, 17.7.3, or 17.8.1 or higher. Test that developers cannot access protected variables via CI lint.
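The version comparison in the verification step is easy to get wrong with a naive string compare ("17.10.1" sorts before "17.6.4" as text). The following is an added example, not GitLab's own code, that parses a version string such as the output of the `gitlab:env:info` command above and checks it against the three fixed releases named in this advisory. Two assumptions are labelled in the code: a release series newer than 17.8 is treated as carrying the fix, and because the advisory names no lower bound, every version older than 17.6.4 is reported as not patched.

```python
"""Check a GitLab version string against the CVE-2024-11931 fixed releases.

Added example (not GitLab's code). Fixed versions come from the advisory:
17.6.4, 17.7.3, 17.8.1. Assumptions: series after 17.8 include the fix;
anything older than 17.6.4 is reported as not patched.
"""
import re

# fixed patch level per release series, from the advisory
FIXED = {(17, 6): 4, (17, 7): 3, (17, 8): 1}
NEWEST_FIXED_SERIES = (17, 8)


def parse_version(text):
    """Return (major, minor, patch) from text such as
    'GitLab version: 17.7.2' or a bare '17.7.2-ee'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(text):
    """True when the version is at or past the fixed release of its series.
    Tuple comparison avoids the '17.10' < '17.6' string-sorting mistake."""
    major, minor, patch = parse_version(text)
    series = (major, minor)
    if series > NEWEST_FIXED_SERIES:
        return True  # assumption: later series ship the fix
    if series in FIXED:
        return patch >= FIXED[series]
    return False  # older series: no fixed release named in the advisory


def assess(text):
    """One-line verdict suitable for a verification checklist."""
    version = ".".join(str(n) for n in parse_version(text))
    if is_patched(text):
        return f"{version}: patched"
    return f"{version}: NOT patched, upgrade to 17.6.4 / 17.7.3 / 17.8.1"


if __name__ == "__main__":
    # constructed sample lines; a real run would feed in the command output
    for line in ["GitLab version: 17.7.2", "17.6.4-ee", "17.10.1", "17.5.9"]:
        print(assess(line))
```

Feed it the line returned by `sudo gitlab-rake gitlab:env:info | grep 'GitLab version'`; a "NOT patched" verdict on a version older than 17.6 means the instance must be upgraded to one of the three fixed releases.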
📡 Detection & Monitoring
Log Indicators:
- Unusual CI lint API calls from developer accounts
- Multiple CI lint validations in short timeframes
- Access to projects with protected variables from unexpected users
Network Indicators:
- Increased traffic to /api/v4/ci/lint endpoints
- Patterns of CI lint requests followed by pipeline executions
SIEM Query:
source="gitlab" AND (uri_path="/api/v4/ci/lint" OR uri_path="/ci/lint") AND user_role="developer"
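The SIEM query above assumes the log event already carries a `user_role` field, which GitLab's request logs do not provide on their own; the role has to be joined in from project membership data. The following is an added detection example, not GitLab's code, that runs the first two log indicators over constructed sample lines shaped like GitLab's `api_json.log` (the `time`, `path`, `username` and `status` fields are assumed), flagging every CI lint call by a Developer-role user and any burst of lint calls from one user inside a short window. It goes slightly beyond the page's two paths by matching on the `/ci/lint` suffix, which also covers the project-scoped `/api/v4/projects/:id/ci/lint` endpoint.

```python
"""Detection example for the CVE-2024-11931 log indicators (added here, not
GitLab's code). Reads JSON lines shaped like GitLab's api_json.log (fields
assumed: time, path, username, status), keeps the CI lint calls and reports:
  - any CI lint call by a user whose project role is "developer"
  - a burst of CI lint calls from one user inside a short window
The log lines and the username -> role map are constructed sample data."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed role lookup. GitLab's request log does not carry the caller's
# project role, so a real deployment would build this from membership data.
ROLE_BY_USER = {"alice": "maintainer", "bob": "developer", "carol": "developer"}

# Constructed sample log (api_json.log-like). bob fires four lint calls in 30 s.
SAMPLE_LOG = """\
{"time":"2025-01-23T10:00:00.000Z","path":"/api/v4/projects","username":"alice","status":200}
{"time":"2025-01-23T10:00:05.000Z","path":"/api/v4/ci/lint","username":"alice","status":200}
{"time":"2025-01-23T10:01:00.000Z","path":"/api/v4/ci/lint","username":"bob","status":200}
{"time":"2025-01-23T10:01:10.000Z","path":"/api/v4/ci/lint","username":"bob","status":200}
{"time":"2025-01-23T10:01:20.000Z","path":"/api/v4/ci/lint","username":"bob","status":200}
{"time":"2025-01-23T10:01:30.000Z","path":"/api/v4/ci/lint","username":"bob","status":200}
{"time":"2025-01-23T10:30:00.000Z","path":"/api/v4/projects/1/ci/lint","username":"carol","status":200}
{"time":"2025-01-23T11:00:00.000Z","path":"/ci/lint","username":"carol","status":200}
"""


def is_lint_path(path):
    """Match the advisory's paths (/api/v4/ci/lint, /ci/lint) and the
    project-scoped /api/v4/projects/:id/ci/lint endpoint by suffix."""
    return path.endswith("/ci/lint")


def lint_events(log_text):
    """Return (timestamp, username) for every CI lint request, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if not is_lint_path(rec.get("path", "")):
            continue
        ts = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append((ts, rec["username"]))
    return sorted(events)


def detect(log_text, roles, burst_threshold=3, window=timedelta(minutes=5)):
    """Return findings as (kind, username, iso_timestamp) tuples."""
    findings = []
    recent = defaultdict(deque)  # per-user lint timestamps inside the window
    for ts, user in lint_events(log_text):
        if roles.get(user) == "developer":
            findings.append(("developer_lint", user, ts.isoformat()))
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward
            q.popleft()
        # fire once, at the moment the window first reaches the threshold
        if len(q) == burst_threshold:
            findings.append(("lint_burst", user, ts.isoformat()))
    return findings


if __name__ == "__main__":
    for kind, user, when in detect(SAMPLE_LOG, ROLE_BY_USER):
        print(f"{when} {kind:15s} {user}")
```

On the sample data this reports every lint call by bob and carol as `developer_lint` and one `lint_burst` for bob when his third call lands inside the five-minute window; alice, a Maintainer, produces nothing. Tune `burst_threshold` and `window` to the normal lint volume of the instance before alerting on them.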