CVE-2024-1947
📋 TL;DR
This vulnerability allows attackers to cause a denial of service (DoS) condition in GitLab by sending specially crafted API calls. It affects all GitLab Community Edition and Enterprise Edition instances running vulnerable versions. The attack can disrupt GitLab service availability.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability of GitLab instance, preventing all users from accessing repositories, CI/CD pipelines, and other GitLab functionality.
Likely Case
Partial service degradation or temporary unavailability affecting some GitLab features or users.
If Mitigated
Minimal impact with proper rate limiting, API access controls, and monitoring in place.
🎯 Exploit Status
Exploitation requires API access but does not require authentication. Attack complexity is low as it involves sending crafted API requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 16.10.6, 16.11.3, 17.0.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/443559
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 16.10.6, 16.11.3, or 17.0.1, depending on your current release branch.
3. Restart GitLab services.
4. Verify that the update was successful.
🔧 Temporary Workarounds
Rate Limiting
Implement strict rate limiting on API endpoints to prevent DoS attacks.
Configure rate limiting in GitLab configuration file (gitlab.rb) with appropriate limits
API Access Restriction
Restrict API access to trusted IP addresses only.
Configure firewall rules or GitLab application-level restrictions to limit API access
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit API access to trusted sources only.
- Deploy Web Application Firewall (WAF) with rate limiting and anomaly detection for API endpoints.
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin interface or the command line. If it falls within the affected ranges, the instance is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
After patching, verify that the GitLab version is at least 16.10.6, 16.11.3, or 17.0.1 on its release branch (16.10, 16.11, or 17.0 respectively), or any newer release.
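The check above can be scripted against the output of the `gitlab-rake` command. The following is an added example (not from this advisory or from GitLab) that parses the `Version:` line and compares it branch-by-branch against the three fix releases named here; the sample output string is constructed, and the function names are this example's own.

```python
import re

# Fix releases named in this advisory, keyed by (major, minor) release branch.
FIXED_VERSIONS = {
    (16, 10): (16, 10, 6),
    (16, 11): (16, 11, 3),
    (17, 0): (17, 0, 1),
}

# Constructed sample of what `sudo gitlab-rake gitlab:env:info | grep 'Version:'`
# prints; the real output has the same "Version:<tab>x.y.z" shape.
SAMPLE_OUTPUT = "Version:\t16.11.2-ee\n"


def parse_version(text):
    """Extract (major, minor, patch) from a 'Version:' line.

    Edition suffixes such as -ee or -ce are ignored. Raises ValueError if
    no version line is present so a failed check is never silently 'fixed'.
    """
    m = re.search(r"Version:\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no 'Version:' line found in input")
    return tuple(int(x) for x in m.groups())


def is_fixed_version(version):
    """True if version is 16.10.6, 16.11.3, 17.0.1 or higher.

    A release on one of the patched branches is fixed once it reaches that
    branch's fix release (16.10.5 is not, 16.10.6 is). A release newer than
    the newest patched branch (17.1 and later) is also fixed. Everything else,
    including any branch older than 16.10, is treated as needing an upgrade.
    """
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        return version >= FIXED_VERSIONS[branch]
    return version > max(FIXED_VERSIONS.values())


def check_output(text):
    """Parse command output and return (version_tuple, fixed_flag)."""
    version = parse_version(text)
    return version, is_fixed_version(version)


if __name__ == "__main__":
    v, fixed = check_output(SAMPLE_OUTPUT)
    print(f"GitLab {'.'.join(map(str, v))}: {'fixed' if fixed else 'needs upgrade'}")
```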
📡 Detection & Monitoring
Log Indicators:
- Unusual volume of API requests
- Patterns of crafted API calls
- Increased error rates in API logs
Network Indicators:
- High volume of requests to GitLab API endpoints
- Unusual request patterns from single or multiple sources
SIEM Query:
source="gitlab" AND ("API" OR "/api/") AND (status=429 OR status>=500) | stats count by src_ip