CVE-2024-12379
📋 TL;DR
This vulnerability lets an authenticated user who can create Personal Access Tokens cause a denial of service in GitLab: values supplied in the scopes parameter are turned into new Ruby symbols with no bound on their number, so repeated requests steadily consume memory in the Rails process until it becomes unresponsive. All GitLab CE/EE instances running affected versions are vulnerable. The impact is to availability only; it does not expose or alter data.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
Learn more about Gitlab →
⚠️ Risk & Real-World Impact
Worst Case
Sustained attacks drive the Puma workers out of memory until they are restarted, producing a complete GitLab outage and extended downtime while the attacker keeps sending requests. Stored repositories and database contents are not damaged by the flaw itself, but every in-flight request fails while the workers are unavailable.
Likely Case
Degraded performance and intermittent service interruptions affecting all users until the attack stops or system is restarted.
If Mitigated
Minimal impact with proper rate limiting, monitoring, and quick response to anomalous token creation patterns.
🎯 Exploit Status
Exploitation requires an authenticated account that is allowed to create Personal Access Tokens, which any regular user can do on a default installation. Once authenticated, the attack is simple to execute and needs no special tooling.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.6.5, 17.7.4, 17.8.2
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/508559
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to a patched version: 17.6.5, 17.7.4, or 17.8.2 (or a later release on the same branch).
3. Restart GitLab services (Omnibus package upgrades run gitlab-ctl reconfigure and restart services as part of the install).
4. Verify the update: sudo gitlab-rake gitlab:env:info | grep 'Version:'
🔧 Temporary Workarounds
Restrict Personal Access Token Creation
Limit who can create Personal Access Tokens until you can patch. GitLab does not document a gitlab.rb switch that disables token creation outright, so treat this as an administrative control: disable open sign-up or require admin approval for new accounts, review and revoke tokens you do not need (through the Admin Area user pages or the personal access tokens API as an administrator), and keep untrusted accounts off the instance.
Implement Rate Limiting
Throttle the endpoints that create tokens. GitLab's request throttles are configured in Admin Area > Settings > Network, or through the application settings API; they are not gitlab_rails keys in gitlab.rb. The calls below enable the per-user throttle on authenticated API requests and add the token endpoint to the per-IP protected-paths throttle. The request counts are examples; tune them to your normal traffic.
# Per-user throttle on authenticated API requests (example values)
curl --request PUT --header "PRIVATE-TOKEN: <admin-token>" \
  "https://gitlab.example.com/api/v4/application/settings" \
  --data "throttle_authenticated_api_enabled=true" \
  --data "throttle_authenticated_api_requests_per_period=300" \
  --data "throttle_authenticated_api_period_in_seconds=3600"
# Per-IP throttle on POSTs to protected paths. protected_paths replaces the
# whole list, so first read the current list with GET /api/v4/application/settings
# and pass every existing entry (such as /users/sign_in) alongside the token endpoint.
curl --request PUT --header "PRIVATE-TOKEN: <admin-token>" \
  "https://gitlab.example.com/api/v4/application/settings" \
  --data "throttle_protected_paths_enabled=true" \
  --data "throttle_protected_paths_requests_per_period=10" \
  --data "throttle_protected_paths_period_in_seconds=60" \
  --data "protected_paths[]=/users/sign_in" \
  --data "protected_paths[]=/api/v4/personal_access_tokens"
🧯 If You Can't Patch
- Monitor Personal Access Token creation in api_json.log and production_json.log for unusual volume per account or IP, and block offending IPs at the reverse proxy or firewall
- Where your users can tolerate it, restrict POST requests to the token creation endpoints at the reverse proxy or WAF to trusted networks only
🔍 How to Verify
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Any authenticated user can also read it from the API: curl --header "PRIVATE-TOKEN: <token>" https://gitlab.example.com/api/v4/version
Check if Vulnerable:
Versions earlier than 17.6.5 on the 17.6 branch, earlier than 17.7.4 on 17.7, and earlier than 17.8.2 on 17.8 are affected. Older release branches no longer receive fixes and should be treated as affected.
Verify Fix Applied:
Confirm the reported version is 17.6.5, 17.7.4, or 17.8.2, or a later release on its branch. Do not try to reproduce the denial of service against a production instance; if you need a functional check of the scopes handling, run it on a staging copy.
📡 Detection & Monitoring
Log Indicators:
- Unusually high rate of Personal Access Token creation from one account or IP (api_json.log and production_json.log record method, path, status, remote_ip, username and the request params)
- Puma workers restarted for exceeding memory limits, or memory-allocation errors in the Rails logs, without a matching rise in overall traffic
- Token creation requests whose scopes parameter contains values outside the documented scope names
Network Indicators:
- Spike in POST requests to the /api/v4/personal_access_tokens endpoint
- Many token creation requests from a single IP, especially spread across several accounts
SIEM Query:
source="gitlab" method=POST path="/api/v4/personal_access_tokens" | bucket _time span=1m | stats count by _time, remote_ip, username | where count > 5
Do not restrict the query to status=200: a successful creation returns 201, and counting rejected attempts as well surfaces the abuse pattern earlier.
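A small offline triage script, added here as an example and not part of this advisory or of GitLab's own tooling, that applies the two log indicators above to api_json.log records: it parses JSON-lines text, flags any (remote_ip, username) pair with five or more token-creation POSTs inside a sliding 60-second window, and lists requests whose scopes values fall outside a known-scope set. The sample log lines are constructed, and the threshold, the window, the KNOWN_SCOPES list and the assumed layout of the logged params are assumptions to adjust for your instance and GitLab version.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# PAT scope names documented by GitLab; the exact set varies by version,
# so treat this list as an assumption to adjust for your instance.
KNOWN_SCOPES = {
    "api", "read_api", "read_user", "read_repository", "write_repository",
    "read_registry", "write_registry", "sudo", "admin_mode",
    "create_runner", "manage_runner", "k8s_proxy", "ai_features",
}
PAT_PATH_FRAGMENT = "personal_access_tokens"


def _line(ts, ip, user, method, path, scopes, status):
    """Build one constructed api_json.log record (sample data, not real traffic)."""
    params = [{"key": "scopes", "value": scopes}] if scopes else []
    return json.dumps({"time": ts, "severity": "INFO", "status": status,
                       "method": method, "path": path, "params": params,
                       "remote_ip": ip, "username": user})


# Constructed sample log: one normal token creation, one listing, then a
# burst of six creation attempts with unrecognised scope values from one IP.
SAMPLE_LOG = "\n".join(
    [_line("2025-01-20T10:00:00.000Z", "198.51.100.7", "alice", "POST",
           "/api/v4/personal_access_tokens", ["api"], 201),
     _line("2025-01-20T10:00:03.000Z", "198.51.100.7", "alice", "GET",
           "/api/v4/personal_access_tokens", None, 200)]
    + [_line(f"2025-01-20T10:01:{i:02d}.000Z", "203.0.113.5", "mallory", "POST",
             "/api/v4/personal_access_tokens", [f"bogus_scope_{i}"], 400)
       for i in range(0, 30, 5)]
)


def parse_lines(text):
    """Parse JSON-lines log text, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def is_pat_create(rec):
    """True for POST requests to a personal_access_tokens path."""
    return rec.get("method") == "POST" and PAT_PATH_FRAGMENT in rec.get("path", "")


def unknown_scopes(rec):
    """Return scope values in the logged params that are not known PAT scopes.

    Assumes params are logged as a list of {"key", "value"} objects, with the
    value either a string or a list of strings (assumption; check your logs)."""
    bad = []
    for p in rec.get("params", []):
        key = p.get("key", "")
        if key != "scopes" and not key.startswith("scopes["):
            continue
        vals = p.get("value")
        if isinstance(vals, str):
            vals = [vals]
        bad.extend(v for v in (vals or []) if v not in KNOWN_SCOPES)
    return bad


def burst_sources(events, window=timedelta(seconds=60), threshold=5):
    """Map (remote_ip, username) -> peak number of PAT creation requests seen
    in any sliding window, for actors whose peak reaches the threshold."""
    per_actor = defaultdict(list)
    for rec in events:
        if is_pat_create(rec):
            ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
            per_actor[(rec.get("remote_ip"), rec.get("username"))].append(ts)
    flagged = {}
    for actor, times in per_actor.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[actor] = peak
    return flagged


def unknown_scope_requests(events):
    """List (remote_ip, username, bad_scopes) for creation requests whose
    scope values fall outside KNOWN_SCOPES."""
    out = []
    for rec in events:
        if is_pat_create(rec):
            bad = unknown_scopes(rec)
            if bad:
                out.append((rec.get("remote_ip"), rec.get("username"), bad))
    return out


if __name__ == "__main__":
    evts = parse_lines(SAMPLE_LOG)
    print("bursts:", burst_sources(evts))
    print("unknown scopes:", unknown_scope_requests(evts))
```

Feed it real lines with `parse_lines(open("/var/log/gitlab/gitlab-rails/api_json.log").read())`; the sliding-window count is deliberately keyed on both IP and username so a single attacker rotating accounts still shows up per IP, while a shared NAT address with many legitimate users is not flagged as a whole.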