CVE-2024-1493

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to perform a regular expression denial-of-service (ReDoS) attack against GitLab servers by exploiting inefficient processing logic for generating links in dependency files. All GitLab Community Edition and Enterprise Edition instances running affected versions are vulnerable to server resource exhaustion.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 9.2 to 16.11.4, 17.0 to 17.0.2, 17.1 to 17.1.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with dependency scanning or link generation features enabled are affected.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability due to CPU exhaustion, potentially affecting all GitLab services including repositories, CI/CD pipelines, and user authentication.

🟠 Likely Case: Degraded performance and intermittent service disruptions affecting the specific GitLab features that process dependency files.

🟢 If Mitigated: Minimal impact with proper rate limiting, request filtering, and updated versions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to submit malicious dependency files to GitLab, typically requiring some level of access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 16.11.5, 17.0.3, or 17.1.1

Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/441806

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to GitLab 16.11.5, 17.0.3, or 17.1.1 using your deployment method (Omnibus, Helm, source).
3. Restart GitLab services.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable dependency scanning (applies to: all)

Temporarily disable dependency scanning features to prevent exploitation:

gitlab_rails['dependency_scanning_enabled'] = false

Implement rate limiting (applies to: all)

Add rate limiting for file uploads and API endpoints.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for dependency file uploads
  • Deploy WAF rules to detect and block ReDoS patterns in requests

🔍 How to Verify

Check if Vulnerable:

Check the GitLab version in the Admin Area or from the command line: sudo gitlab-rake gitlab:env:info

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'GitLab version'

Verify Fix Applied:

Confirm the running version is 16.11.5+, 17.0.3+, or 17.1.1+, then test dependency file processing.
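The version check above can be automated against the affected ranges listed in this advisory. The following is an added example, not GitLab's own tooling: it reads the version line from `gitlab-rake gitlab:env:info` output (the exact label of that line and the sample output are assumptions) and reports whether the instance falls inside an affected range and which patch release applies.

```python
import re

# Affected ranges from the advisory as inclusive (low, high) version tuples.
AFFECTED_RANGES = [
    ((9, 2, 0), (16, 11, 4)),
    ((17, 0, 0), (17, 0, 2)),
    ((17, 1, 0), (17, 1, 0)),
]
# First fixed release of each affected branch, keyed by (major, minor).
FIXED_FOR_BRANCH = {(16, 11): "16.11.5", (17, 0): "17.0.3", (17, 1): "17.1.1"}


def parse_version(text):
    """Return (major, minor, patch) from '16.11.3', '17.0.2-ee' or a whole
    'Version: 17.1.0-ee' output line; a missing patch component counts as 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True when the version falls inside one of the affected ranges."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def recommended_fix(version_text):
    """Patch release for an affected version; branches older than 16.11 are
    pointed at the lowest fixed release the advisory lists."""
    major, minor, _ = parse_version(version_text)
    return FIXED_FOR_BRANCH.get((major, minor), "16.11.5")


def assess(env_info_output):
    """Locate the GitLab version line in `gitlab-rake gitlab:env:info` output
    ('GitLab version:' or a bare 'Version:' label, assumed) and return a verdict."""
    for line in env_info_output.splitlines():
        if re.match(r"\s*(GitLab )?[Vv]ersion:", line):
            label = ".".join(map(str, parse_version(line)))
            if is_affected(line):
                return f"{label}: AFFECTED, upgrade to {recommended_fix(line)}"
            return f"{label}: not in an affected range"
    raise ValueError("no version line found in output")


# Constructed sample output, not captured from a real instance.
SAMPLE_ENV_INFO = "System information\nSystem:\tUbuntu 22.04\nGitLab version: 17.0.2-ee\n"
```

Pipe the real command output into `assess()` to get a one-line verdict; the boundaries (16.11.4 affected, 16.11.5 fixed) are compared as numeric tuples, so suffixes such as `-ee` do not affect the result.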

📡 Detection & Monitoring

Log Indicators:

  • High CPU usage patterns
  • Long-running requests processing dependency files
  • Multiple failed dependency parsing attempts

Network Indicators:

  • Unusually large dependency file uploads
  • Repeated requests to dependency endpoints

SIEM Query:

source="gitlab" AND ("dependency" OR "package-lock.json" OR "Gemfile.lock") AND duration>10s
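The SIEM query above expresses the same idea as the log indicators: requests that touch dependency files and run unusually long. As an added example (not part of this advisory or of GitLab), the following applies that logic offline to constructed lines shaped like GitLab's production_json.log; the field names `path`, `duration_s` and `remote_ip` are assumptions, and the sample lines are constructed.

```python
import json
from collections import Counter

# Constructed sample in the shape of GitLab's production_json.log (one JSON
# object per request; the field names are an assumption); not real captured logs.
SAMPLE_LOG = """
{"method":"GET","path":"/grp/app/-/blob/main/README.md","status":200,"duration_s":0.12,"remote_ip":"10.0.0.5"}
{"method":"GET","path":"/grp/app/-/blob/main/package-lock.json","status":200,"duration_s":14.8,"remote_ip":"10.0.0.9"}
{"method":"GET","path":"/grp/app/-/blob/main/Gemfile.lock","status":200,"duration_s":31.2,"remote_ip":"10.0.0.9"}
{"method":"GET","path":"/api/v4/projects/42/dependencies","status":200,"duration_s":0.4,"remote_ip":"10.0.0.7"}
not a json line
"""

# Path fragments the advisory's SIEM query keys on, plus the REST endpoint name.
DEPENDENCY_MARKERS = ("dependency", "dependencies", "package-lock.json", "Gemfile.lock")
SLOW_THRESHOLD_S = 10.0  # matches the 'duration>10s' clause of the SIEM query


def parse_log(text):
    """Yield one dict per well-formed JSON line, skipping anything else."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def touches_dependency_file(record):
    """True when the request path names a dependency file or endpoint."""
    path = record.get("path", "")
    return any(marker in path for marker in DEPENDENCY_MARKERS)


def find_slow_dependency_requests(text, threshold=SLOW_THRESHOLD_S):
    """Return the records whose wall time exceeds the threshold and that touch
    dependency files: the combination the advisory's log indicators describe."""
    return [r for r in parse_log(text)
            if touches_dependency_file(r) and float(r.get("duration_s", 0)) > threshold]


def count_by_source(hits):
    """Group hits by client address to surface repeated requests from one source."""
    return dict(Counter(r.get("remote_ip", "?") for r in hits))
```

Feeding a real log file through `find_slow_dependency_requests()` and then `count_by_source()` gives both indicators at once: the slow dependency-file requests and the sources that repeat them.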
