CVE-2024-12380
📋 TL;DR
This vulnerability in GitLab EE/CE allows sensitive authentication information to be exposed through repository mirroring settings. Attackers could potentially access credentials or tokens used for repository mirroring. All GitLab instances running affected versions are vulnerable.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
Learn more about Gitlab →
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain authentication credentials for external repositories, potentially gaining access to source code, intellectual property, or other sensitive data in mirrored repositories.
Likely Case
Unauthorized users with access to GitLab could view exposed authentication information in repository mirroring configuration pages.
If Mitigated
With proper access controls and monitoring, exposure would be limited to authorized users only, minimizing data leakage impact.
🎯 Exploit Status
Exploitation requires access to the GitLab interface and knowledge of the repository mirroring settings. No public exploit code has been released.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.7.7, 17.8.5, or 17.9.2
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/508557
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 17.7.7, 17.8.5, or 17.9.2 depending on your current version track.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable repository mirroring
Temporarily disable repository mirroring functionality to prevent credential exposure
# Disable via GitLab admin settings or remove mirroring configurations from projects
Rotate repository credentials
Change authentication credentials for all mirrored repositories
# Update credentials in external repository systems and GitLab mirroring settings
🧯 If You Can't Patch
- Restrict access to repository mirroring settings to only necessary administrators
- Implement monitoring for unusual access to repository mirroring configuration pages
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the Admin Area or the command line. If the version is in the range 11.5 to 17.7.6, 17.8.0 to 17.8.4, or 17.9.0 to 17.9.1, the instance is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
After updating, verify that the version is 17.7.7, 17.8.5, or 17.9.2 or higher on its release track. Test repository mirroring functionality to ensure it works without exposing credentials.
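As an added helper (not from GitLab or this advisory), the script below parses the output of the `gitlab-rake gitlab:env:info` command shown above and reports whether the reported version falls inside the affected ranges listed in this section; the sample output embedded in it is constructed, not captured from a real host.

```python
import re
from typing import Optional, Tuple

# Affected ranges stated in the advisory (inclusive on both ends).
AFFECTED_RANGES = [
    ("11.5.0", "17.7.6"),
    ("17.8.0", "17.8.4"),
    ("17.9.0", "17.9.1"),
]
# Versions that carry the official fix, one per release track.
FIXED_VERSIONS = ["17.7.7", "17.8.5", "17.9.2"]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '17.8.3' or '17.8.3-ee' into a comparable tuple (17, 8, 3)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(p) for p in m.groups(default="0"))


def extract_version(env_info: str) -> Optional[str]:
    """Pull the 'Version:' value out of gitlab:env:info output (None if absent)."""
    for line in env_info.splitlines():
        if line.strip().startswith("Version:"):
            return line.split(":", 1)[1].strip()
    return None


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def assess(env_info: str) -> str:
    """Classify a host from its env:info output: 'affected', 'not_affected' or 'unknown'."""
    version = extract_version(env_info)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not_affected"


if __name__ == "__main__":
    # Constructed sample output (hypothetical version and revision), not from a real host.
    sample = "GitLab information\nVersion:\t17.8.3-ee\nRevision:\tplaceholder\n"
    print(assess(sample))  # prints "affected"
```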
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to repository mirroring settings
- Multiple failed authentication attempts to mirrored repositories
Network Indicators:
- Unexpected connections to external repository systems from GitLab server
SIEM Query:
source="gitlab" AND (event="repository_mirroring" OR event="mirror_settings") AND user!="expected_admin_users"