CVE-2024-12431
📋 TL;DR
This vulnerability lets a user who lacks the required project permission change the state of issues (for example close or reopen them) in public projects on GitLab Community Edition (CE) and Enterprise Edition (EE). Installations running a release older than the fixed versions 17.5.5, 17.6.3 and 17.7.1 on their respective release lines are affected; the vendor advisory linked below states the exact affected ranges. The impact is to the integrity of issue state, not to confidentiality of private projects or data.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
Learn more about Gitlab →
⚠️ Risk & Real-World Impact
Worst Case
A user without the required role closes or reopens issues across public projects at scale, hiding open bugs, reviving resolved ones, and corrupting the issue history that triage, release checklists and dashboards depend on. The damage is to the integrity of issue state; the flaw grants no access to private projects or data.
Likely Case
Opportunistic tampering with issue tracking in public repositories by drive-by or low-privilege accounts, causing minor operational disruption and cleanup work for maintainers.
If Mitigated
With the fix applied, or with affected projects switched to private until it is, the exposure is removed. The vulnerability only ever applied to public projects and never exposed private repositories or sensitive data.
🎯 Exploit Status
Exploitation needs minimal technical skill: this is a missing permission check, not a memory-safety bug, so a request that any ordinary client can send is enough. Note that GitLab's advisory describes the actor as an unauthorized user, which covers any account lacking the needed project role; do not assume only unauthenticated traffic is relevant when hunting for abuse. The vulnerability is publicly documented in the vendor release post linked below.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.5.5, 17.6.3, or 17.7.1 (the first fixed release of each supported release line)
Vendor Advisory: https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#unauthorized-user-can-manipulate-status-of-issues-in-public-projects
Restart Required: Yes (an Omnibus package upgrade reconfigures and restarts services itself; source and Helm installs need their own restart or rollout)
Instructions:
1. Back up your GitLab instance.
2. Update to 17.5.5, 17.6.3, or 17.7.1, whichever matches the release line you are on, or to any later release.
3. Restart GitLab services if your install method does not do so automatically.
4. Verify the update was successful (see How to Verify below).
🔧 Temporary Workarounds
Convert public projects to private
Temporarily change affected public projects to private until you can patch. Because the flaw only applies to public projects, this removes the exposure, but it also cuts off legitimate anonymous access (anonymous clones, external links, public issue boards), so treat it as a short-term measure and track which projects you changed.
Navigate to Project Settings > General > Visibility, project features, permissions > Project visibility > Private
🧯 If You Can't Patch
- Monitor issue state changes in public projects (close and reopen events in the issue activity and in the API logs) and alert on changes made by accounts that are not members of the project
- Rate-limit or block issue-update requests to the affected projects at the reverse proxy or WAF for sessions that are not expected to have write access; this is coarse and can break legitimate API use, so scope it to the projects you cannot make private
🔍 How to Verify
Check if Vulnerable:
Read the installed version from the admin area dashboard or on the server:
sudo gitlab-rake gitlab:env:info | grep '^Version:'
The leading ^ matters: the same output also prints Ruby Version:, Go Version: and similar lines, and a bare grep 'Version:' returns all of them. On Omnibus installs, /opt/gitlab/version-manifest.txt also names the package version.
Verify Fix Applied:
The instance is fixed when the version is at least 17.5.5 on the 17.5 line, at least 17.6.3 on the 17.6 line, or 17.7.1 or later. Then confirm behaviourally: as a user who is not a member of a public project, attempt to close or reopen one of its issues; the request must be refused.
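A small check that applies the version rule above to the output of gitlab:env:info, added here as an example rather than GitLab's own tooling. It assumes plain major.minor.patch comparison, ignores an edition suffix such as -ee, treats any release older than 17.5.5 as needing an upgrade because this page does not state the oldest affected version, and runs against a constructed sample of env:info output (including the Ruby Version: line that trips up a naive grep).

```python
"""Classify an installed GitLab version against the CVE-2024-12431 fix releases."""
import re
import sys

# First fixed release of each affected release line, from the vendor advisory.
FIXED_RELEASES = {
    (17, 5): (17, 5, 5),
    (17, 6): (17, 6, 3),
    (17, 7): (17, 7, 1),
}
NEWEST_FIX = max(FIXED_RELEASES.values())

# Constructed sample of `sudo gitlab-rake gitlab:env:info` output, trimmed.
# The "Ruby Version:" line is deliberate: an unanchored match would pick it first.
SAMPLE_ENV_INFO = """System information
System:
Current User:   git
Ruby Version:   3.2.5
Go Version:     unknown

GitLab information
Version:        17.6.2-ee
Revision:       0000000
"""

VERSION_LINE = re.compile(r"^Version:\s*(\d+)\.(\d+)\.(\d+)", re.MULTILINE)
BARE_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a bare string such as "17.7.1-ee" or
    from the GitLab "Version:" line of env:info output. The line-anchored
    pattern is tried first so "Ruby Version:" cannot win."""
    m = VERSION_LINE.search(text) or BARE_VERSION.search(text)
    if not m:
        raise ValueError(f"no GitLab version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version):
    """True when the version includes the CVE-2024-12431 fix."""
    v = parse_version(version)
    line = v[:2]
    if line in FIXED_RELEASES:
        return v >= FIXED_RELEASES[line]
    # Release lines after 17.7 shipped with the fix; lines before 17.5 have no
    # fixed release named on this page, so they are reported as needing an upgrade.
    return v > NEWEST_FIX


def assess(env_info):
    """One-line verdict for env:info output or a bare version string."""
    major, minor, patch = parse_version(env_info)
    verdict = "fixed" if is_fixed(env_info) else "upgrade required"
    return f"GitLab {major}.{minor}.{patch}: {verdict}"


if __name__ == "__main__":
    # Hypothetical file name; pipe real output in:
    #   sudo gitlab-rake gitlab:env:info | python3 check_cve_2024_12431.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ENV_INFO
    print(assess(data))
```

The version comparison is only half the verification; still perform the behavioural test described above, because a backported or vendored build may carry a version string that does not map cleanly onto these release lines.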
📡 Detection & Monitoring
Log Indicators:
- In api_json.log: PUT requests to /api/v4/projects/:id/issues/:iid whose params include state_event (close or reopen) and that return 2xx for a request with no user_id, or for a user who is not a member of the project
- In production_json.log: issue state changes made through the web UI by the same kinds of accounts (closes made in the browser do not go through /api/v4, so watching the REST path alone misses them)
- Issue activity in public projects showing state changes attributed to unexpected users
Network Indicators:
- Bursts of issue-update requests against many projects from a single external IP
SIEM Query (illustrative, Splunk-style; adapt the field names to how your forwarder maps api_json.log):
source="gitlab_api_json" method="PUT" path="/api/v4/projects/*/issues/*" status<400 NOT user_id=*
The NOT user_id=* clause isolates anonymous requests; add a second search, or a lookup against project membership, for authenticated accounts that should not hold the required role.
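The detection logic above run over log lines, as an added example and not GitLab's own code. The JSON fields it reads (method, path, params as key/value pairs, status, remote_ip, user_id, username) follow the layout of api_json.log but should be checked against your instance; the sample lines are constructed, and the set of usernames allowed to change issue state is supplied by the operator because the log itself does not carry project membership.

```python
"""Flag successful issue state changes in GitLab api_json.log that were made
anonymously or by accounts outside a supplied member list."""
import json
import re
import sys

# REST endpoint that updates a single issue: PUT /api/v4/projects/:id/issues/:iid
ISSUE_PATH = re.compile(r"^/api/v4/projects/[^/]+/issues/\d+$")

# Constructed sample events in api_json.log layout; not real traffic.
SAMPLE_EVENTS = [
    # legitimate close by a project member
    {"time": "2025-01-09T10:00:01Z", "method": "PUT", "path": "/api/v4/projects/42/issues/7",
     "params": [{"key": "state_event", "value": "close"}], "status": 200,
     "remote_ip": "10.0.0.5", "user_id": 3, "username": "maintainer"},
    # anonymous request that succeeded: the behaviour the fix removes
    {"time": "2025-01-09T10:02:13Z", "method": "PUT", "path": "/api/v4/projects/42/issues/7",
     "params": [{"key": "state_event", "value": "reopen"}], "status": 200,
     "remote_ip": "203.0.113.9"},
    # authenticated account that is not a project member
    {"time": "2025-01-09T10:02:40Z", "method": "PUT", "path": "/api/v4/projects/42/issues/8",
     "params": [{"key": "state_event", "value": "close"}], "status": 200,
     "remote_ip": "198.51.100.7", "user_id": 77, "username": "drive_by"},
    # read on the same path: not a state change
    {"time": "2025-01-09T10:03:00Z", "method": "GET", "path": "/api/v4/projects/42/issues/7",
     "params": [], "status": 200, "remote_ip": "198.51.100.7", "user_id": 77, "username": "drive_by"},
    # refused request: nothing changed, so no alert
    {"time": "2025-01-09T10:03:30Z", "method": "PUT", "path": "/api/v4/projects/42/issues/9",
     "params": [{"key": "state_event", "value": "close"}], "status": 403,
     "remote_ip": "198.51.100.7", "user_id": 77, "username": "drive_by"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)


def state_event(event):
    """Return the state_event parameter ("close"/"reopen") or None."""
    for p in event.get("params") or []:
        if p.get("key") == "state_event":
            return p.get("value")
    return None


def is_issue_state_change(event):
    """True for a PUT to the single-issue endpoint that carries state_event."""
    return (event.get("method") == "PUT"
            and bool(ISSUE_PATH.match(event.get("path", "")))
            and state_event(event) is not None)


def find_unexpected_changes(log_text, members):
    """Successful state changes made anonymously or by accounts outside `members`.
    Rejected requests (status >= 400) are skipped: they changed nothing."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if not is_issue_state_change(ev) or ev.get("status", 0) >= 400:
            continue
        if ev.get("user_id") is None or ev.get("username") not in members:
            hits.append({
                "time": ev.get("time"),
                "path": ev["path"],
                "state_event": state_event(ev),
                "remote_ip": ev.get("remote_ip"),
                "username": ev.get("username") or "<anonymous>",
            })
    return hits


if __name__ == "__main__":
    # Hypothetical file name; Omnibus log path shown. Member usernames go on the command line:
    #   python3 find_issue_state_abuse.py maintainer < /var/log/gitlab/gitlab-rails/api_json.log
    members = frozenset(sys.argv[1:]) or frozenset({"maintainer"})
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for hit in find_unexpected_changes(data, members):
        print(hit)
```

The member list is a heuristic stand-in for real project membership at the time of the request; for a proper investigation, resolve each flagged username against the project's members via the API or the admin area. Extend the same approach to production_json.log to cover state changes made through the web UI.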