CVE-2024-2177

6.8 MEDIUM

📋 TL;DR

A Cross Window Forgery vulnerability in GitLab CE/EE allows attackers to manipulate the OAuth authentication flow via crafted payloads, potentially enabling unauthorized access. This affects all GitLab instances running vulnerable versions. Attackers could exploit this to compromise user accounts or perform unauthorized actions.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 16.3 to 16.11.4, 17.0 to 17.0.2, 17.1 to 17.1.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All GitLab deployments with OAuth enabled are vulnerable. Self-managed and GitLab.com instances are affected.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could hijack OAuth sessions to gain unauthorized access to GitLab accounts, potentially leading to data theft, code manipulation, or privilege escalation.

🟠

Likely Case

Attackers could perform account takeover of GitLab users via OAuth flow manipulation, enabling access to repositories, pipelines, and sensitive data.

🟢

If Mitigated

With proper network segmentation and access controls, impact would be limited to specific user accounts rather than system-wide compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction with crafted payloads, but initiating the attack does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 16.11.5, 17.0.3, 17.1.1

Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/444467

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to a patched version: 16.11.5, 17.0.3, or 17.1.1.
3. Restart GitLab services.
4. Verify the update with a version check.

🔧 Temporary Workarounds

Disable OAuth Authentication (applies to: all affected versions)

Temporarily disable OAuth authentication to prevent exploitation: edit the GitLab configuration to disable OAuth providers.

Restrict OAuth Applications (applies to: all affected versions)

Review and restrict authorized OAuth applications: review /admin/applications in the GitLab admin panel.

🧯 If You Can't Patch

  • Implement strict network controls to limit GitLab access to trusted users only
  • Monitor OAuth authentication logs for suspicious activity and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Compare the GitLab version against the affected ranges: 16.3 to 16.11.4, 17.0 to 17.0.2, 17.1 to 17.1.0.

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'Version:'

Verify Fix Applied:

Confirm the GitLab version is 16.11.5, 17.0.3, or 17.1.1, or a later release on the same branch.
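The version check above can be automated. Note that `grep 'Version:'` on the output of `gitlab-rake gitlab:env:info` also matches the Ruby, Gem and GitLab Shell version lines, so a script should key on the "GitLab information" section rather than on the first match. The following is an added example written for this page, not code from GitLab or from the advisory; the sample env:info output is constructed, the revision value is a placeholder, and the affected and fixed version ranges are taken from the advisory text above.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, inclusive on both ends.
AFFECTED_RANGES = [
    ((16, 3, 0), (16, 11, 4)),
    ((17, 0, 0), (17, 0, 2)),
    ((17, 1, 0), (17, 1, 0)),
]
# First fixed release on each affected branch, from the advisory.
FIXED_VERSIONS = [(16, 11, 5), (17, 0, 3), (17, 1, 1)]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed sample of `gitlab-rake gitlab:env:info` output (not real output).
# Several "Version:" lines exist; only the one under "GitLab information" is the
# GitLab release. The revision is a placeholder, not a real commit.
SAMPLE_ENV_INFO = """\
System information
System:\t\tUbuntu 22.04
Ruby Version:\t3.1.4p223
Gem Version:\t3.4.10

GitLab information
Version:\t16.11.4-ee
Revision:\tPLACEHOLDER_REVISION
Directory:\t/opt/gitlab/embedded/service/gitlab-rails

GitLab Shell
Version:\t14.35.0
"""


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from strings like '16.11.4-ee' or '17.0.3'."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def gitlab_version_from_env_info(output: str) -> Optional[Version]:
    """Pick the 'Version:' line that sits under the 'GitLab information' header.

    A plain grep for 'Version:' also matches Ruby, Gem and GitLab Shell versions,
    so the section header is used to disambiguate.
    """
    in_gitlab_section = False
    for raw in output.splitlines():
        line = raw.strip()
        if line == "GitLab information":
            in_gitlab_section = True
            continue
        if in_gitlab_section and line.startswith("Version:"):
            return parse_version(line)
    return None


def is_affected(version: Version) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def is_fixed_release(version: Version) -> bool:
    """True when the version is at or above the fixed release of its own branch."""
    return any(version[:2] == fixed[:2] and version >= fixed for fixed in FIXED_VERSIONS)


def assess(output: str) -> str:
    """Classify env:info output as 'vulnerable', 'fixed', 'not-in-range' or 'unknown'."""
    version = gitlab_version_from_env_info(output)
    if version is None:
        return "unknown"
    if is_affected(version):
        return "vulnerable"
    if is_fixed_release(version):
        return "fixed"
    # Outside every range the advisory lists (e.g. a later branch); check the
    # vendor advisory for that branch rather than assuming it is safe.
    return "not-in-range"


if __name__ == "__main__":
    print(assess(SAMPLE_ENV_INFO))  # vulnerable
```

On a real host, feed the script the captured output of `sudo gitlab-rake gitlab:env:info` instead of the constructed sample; a "not-in-range" result means only that the version is outside the ranges this advisory names, not that it is patched.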

📡 Detection & Monitoring

Log Indicators:

  • Unusual OAuth authentication patterns
  • Multiple failed OAuth attempts from same source
  • OAuth requests with unusual parameters

Network Indicators:

  • Suspicious redirects in OAuth flow
  • Unexpected OAuth callback requests

SIEM Query:

source="gitlab" AND (oauth OR authentication) AND (error OR failed OR suspicious)
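Two of the indicators listed above, repeated failed OAuth attempts from one source and OAuth redirects to unexpected hosts, can be checked offline against exported logs. The following is an added example for this page, not GitLab code and not a query shipped with any SIEM. It assumes a JSON-lines log with `time`, `method`, `path`, `status` and `remote_ip` fields; GitLab's own `production_json.log` uses a similar but not identical layout (query parameters are recorded separately from the path), so the field names, the sample lines and the redirect allow-list are all constructed for the example and must be adapted to the real schema.

```python
import json
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlparse

# Constructed sample log lines (assumed field layout, not real GitLab output).
SAMPLE_LOG = """\
{"time":"2024-06-01T10:00:01Z","method":"GET","path":"/oauth/authorize?client_id=app1&redirect_uri=https%3A%2F%2Fci.example.com%2Fcb","status":200,"remote_ip":"10.0.0.5"}
{"time":"2024-06-01T10:00:02Z","method":"POST","path":"/oauth/token","status":401,"remote_ip":"203.0.113.9"}
{"time":"2024-06-01T10:00:03Z","method":"POST","path":"/oauth/token","status":401,"remote_ip":"203.0.113.9"}
{"time":"2024-06-01T10:00:04Z","method":"POST","path":"/oauth/token","status":401,"remote_ip":"203.0.113.9"}
{"time":"2024-06-01T10:00:05Z","method":"GET","path":"/oauth/authorize?client_id=app1&redirect_uri=https%3A%2F%2Fevil.example.net%2Fcb","status":302,"remote_ip":"203.0.113.9"}
{"time":"2024-06-01T10:00:06Z","method":"GET","path":"/projects","status":200,"remote_ip":"10.0.0.5"}
"""

# Constructed allow-list: the redirect hosts registered for your OAuth applications
# (the same set you would review under /admin/applications).
ALLOWED_REDIRECT_HOSTS = {"ci.example.com"}

# Number of failed OAuth requests from one source before it is reported.
FAILURE_THRESHOLD = 3


def parse_log(text: str) -> List[dict]:
    """Parse JSON lines, skipping blank or malformed entries instead of aborting."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def is_oauth_request(record: dict) -> bool:
    """OAuth endpoints live under /oauth/ (authorize, token, etc.)."""
    return str(record.get("path", "")).startswith("/oauth/")


def failed_oauth_by_ip(records: List[dict]) -> Dict[str, int]:
    """Count 4xx/5xx OAuth responses per source IP and keep those at or over threshold."""
    counts: Counter = Counter()
    for record in records:
        if is_oauth_request(record) and int(record.get("status", 0)) >= 400:
            counts[str(record.get("remote_ip", "?"))] += 1
    return {ip: n for ip, n in counts.items() if n >= FAILURE_THRESHOLD}


def unexpected_redirects(records: List[dict]) -> List[Tuple[str, str]]:
    """Report authorize requests whose redirect_uri host is not on the allow-list."""
    hits = []
    for record in records:
        path = str(record.get("path", ""))
        if not path.startswith("/oauth/authorize"):
            continue
        params = parse_qs(urlparse(path).query)
        for uri in params.get("redirect_uri", []):
            host = urlparse(uri).hostname
            if host not in ALLOWED_REDIRECT_HOSTS:
                hits.append((str(record.get("remote_ip", "?")), uri))
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("repeated OAuth failures:", failed_oauth_by_ip(recs))
    print("unexpected redirect targets:", unexpected_redirects(recs))
```

Treat both outputs as triage leads rather than verdicts: a redirect host missing from the allow-list is most often a newly registered application, and the threshold should be tuned to the normal failure rate on the instance before the result feeds an alert.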
