CVE-2024-3959
📋 TL;DR
This vulnerability in GitLab allows any user to access private job artifacts, bypassing intended access controls. It affects GitLab Community Edition (CE) and Enterprise Edition (EE) installations running vulnerable versions. This exposes sensitive build outputs, logs, and deployment artifacts that should be restricted to authorized users.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers exfiltrate sensitive credentials, API keys, source code, or proprietary data from private job artifacts, leading to data breaches, intellectual property theft, and lateral movement within the organization.
Likely Case
Unauthorized users access and download private build artifacts containing sensitive information like environment variables, configuration files, or deployment scripts.
If Mitigated
With proper network segmentation and access controls, impact is limited to authenticated users within the GitLab instance, but sensitive data exposure still occurs.
🎯 Exploit Status
Exploitation requires a valid GitLab user account but no special permissions. The vulnerability is simple to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 16.11.5, 17.0.3, or 17.1.1
Vendor Advisory: https://about.gitlab.com/releases/2024/06/26/security-release-gitlab-16-11-5-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 16.11.5, 17.0.3, or 17.1.1 using your package manager.
3. Run 'sudo gitlab-ctl reconfigure'.
4. Restart GitLab services with 'sudo gitlab-ctl restart'.
🔧 Temporary Workarounds
Disable Job Artifacts
Temporarily disable job artifacts to prevent unauthorized access while planning the upgrade.
Edit /etc/gitlab/gitlab.rb
Add: gitlab_rails['artifacts_enabled'] = false
Run: sudo gitlab-ctl reconfigure
🧯 If You Can't Patch
- Implement strict network access controls to limit GitLab access to authorized users only.
- Review and rotate any credentials or secrets that may have been exposed in job artifacts.
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version with: sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
Confirm the version is at least the patched release for its branch (16.11.5, 17.0.3, or 17.1.1) or higher. Test that authenticated users without project access cannot download private job artifacts.
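To make the version check above mechanical, here is an added Python example (not from this page or from GitLab) that parses `gitlab:env:info` output and decides whether the instance is at or above the patched release for its branch. One caveat worth knowing: `grep 'Version:'` also matches the GitLab Shell version line further down in that output, so the example reads the line under the "GitLab information" header rather than the first match. The sample output is constructed; the branch table follows the releases listed on this page, and branches older than 16.11 are reported as not confirmed patched so they get upgraded to a listed release.

```python
import re

# Minimum patched release on each affected branch, as listed on the page.
PATCHED = {(16, 11): (16, 11, 5), (17, 0): (17, 0, 3), (17, 1): (17, 1, 1)}

# Matches a line that starts with "Version:" followed by a dotted release number.
VERSION_RE = re.compile(r"^Version:\s*(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def gitlab_version(env_info: str) -> tuple:
    """Return (major, minor, patch) of the GitLab application itself.

    gitlab:env:info prints more than one "Version:" line (GitLab Shell has
    its own), so only the section after the "GitLab information" header is
    searched.
    """
    _, _, section = env_info.partition("GitLab information")
    m = VERSION_RE.search(section)
    if not m:
        raise ValueError("no GitLab version found in gitlab:env:info output")
    return tuple(int(x) for x in m.groups())


def is_patched(version: tuple) -> bool:
    """True when the version is at or above the fix for its branch.

    Branches newer than 17.1 are treated as fixed. Branches older than 16.11
    are not confirmed fixed by the page's guidance, so they report False.
    """
    major, minor, _ = version
    if (major, minor) in PATCHED:
        return version >= PATCHED[(major, minor)]
    return (major, minor) > (17, 1)


# Constructed sample of `sudo gitlab-rake gitlab:env:info` output (not real data).
SAMPLE_ENV_INFO = """System information
System:
Current User:\tgit
Ruby Version:\t3.1.4p223

GitLab information
Version:\t17.0.2-ee
Directory:\t/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:\tPostgreSQL

GitLab Shell
Version:\t14.36.0
Repository storages:
- default: \tunix:/var/opt/gitlab/gitaly/gitaly.socket
"""


def check(env_info: str) -> str:
    """One-line verdict for the given gitlab:env:info output."""
    v = gitlab_version(env_info)
    label = ".".join(str(x) for x in v)
    verdict = "patched" if is_patched(v) else "NOT patched (upgrade required)"
    return f"{label}: {verdict}"


if __name__ == "__main__":
    # In practice: gitlab_version(subprocess.check_output(
    #     ["sudo", "gitlab-rake", "gitlab:env:info"], text=True))
    print(check(SAMPLE_ENV_INFO))
```

A naive `grep 'Version:' | head -1` happens to return the GitLab line here because it comes first, but anchoring on the section header is what keeps the check correct if the output layout changes.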
📡 Detection & Monitoring
Log Indicators:
- Unusual artifact download patterns from users without project permissions
- Failed authorization attempts followed by successful artifact downloads
Network Indicators:
- Spikes in downloads from /api/v4/projects/*/jobs/*/artifacts endpoints
SIEM Query:
source="gitlab" (url_path="/api/v4/projects/*/jobs/*/artifacts") | stats count by user, project_id
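As an added example (not from this page or from GitLab) of the detection logic above expressed in code rather than as a SIEM query: a Python script that reads constructed log lines in the shape of GitLab's production_json.log (the field names `path`, `method`, `status` and `username` are an assumption; adjust them to your instance's log schema), reproduces the page's count-by-user-and-project query, and flags the two log indicators listed above: successful artifact downloads by users who are not members of the project (the membership table is constructed here; in practice it would come from the Members API or the database), and a denied request followed by a successful artifact download for the same project by the same user.

```python
import json
import re
from collections import Counter, defaultdict

# Request path of the artifact download API, the endpoint named on the page.
ARTIFACT_RE = re.compile(r"^/api/v4/projects/(\d+)/jobs/\d+/artifacts")

# Constructed membership table: project_id -> usernames with access.
# Assumed for the example only; a real deployment would pull this from
# the Members API or the database.
PROJECT_MEMBERS = {
    "42": {"alice", "bob"},
    "77": {"carol"},
}

# Constructed log lines in the shape of GitLab's production_json.log
# (field names assumed; not real traffic).
SAMPLE_LOG = """\
{"time":"2024-06-27T10:00:01Z","method":"GET","path":"/api/v4/projects/42/jobs/100/artifacts","status":200,"username":"alice","remote_ip":"10.0.0.5"}
{"time":"2024-06-27T10:00:05Z","method":"GET","path":"/api/v4/projects/42/jobs/101/artifacts","status":403,"username":"mallory","remote_ip":"10.0.0.9"}
{"time":"2024-06-27T10:00:09Z","method":"GET","path":"/api/v4/projects/42/jobs/101/artifacts","status":200,"username":"mallory","remote_ip":"10.0.0.9"}
{"time":"2024-06-27T10:00:12Z","method":"GET","path":"/api/v4/projects/77/jobs/200/artifacts","status":200,"username":"mallory","remote_ip":"10.0.0.9"}
{"time":"2024-06-27T10:00:15Z","method":"GET","path":"/api/v4/projects/42/merge_requests","status":200,"username":"bob","remote_ip":"10.0.0.6"}
"""


def artifact_requests(log_text):
    """Yield (username, project_id, status) for each artifact API request."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        m = ARTIFACT_RE.match(rec.get("path", ""))
        if m and rec.get("method") == "GET":
            yield rec.get("username"), m.group(1), int(rec.get("status", 0))


def count_by_user_project(log_text):
    """Equivalent of the page's SIEM query: request count by user and project."""
    return Counter((u, p) for u, p, _ in artifact_requests(log_text))


def find_suspicious(log_text, members=PROJECT_MEMBERS):
    """Apply the page's two log indicators and return a list of alert strings."""
    alerts = []
    denied = defaultdict(set)  # (user, project) -> 4xx statuses seen earlier
    for user, project, status in artifact_requests(log_text):
        key = (user, project)
        if status in (401, 403):
            denied[key].add(status)
            continue
        if status != 200:
            continue
        # Indicator 1: download by a user without project membership.
        if user not in members.get(project, set()):
            alerts.append(f"non-member download: user={user} project={project}")
        # Indicator 2: authorization failure followed by a successful download.
        if key in denied:
            alerts.append(f"denied-then-allowed: user={user} project={project}")
    return alerts


if __name__ == "__main__":
    for (user, project), n in sorted(count_by_user_project(SAMPLE_LOG).items()):
        print(f"{user:10} project {project}: {n} artifact request(s)")
    for alert in find_suspicious(SAMPLE_LOG):
        print("ALERT", alert)
```

The membership check is the indicator that matters for this issue, since the bypass returns artifacts to users the access control should have rejected; the denied-then-allowed pattern is only a heuristic and will also fire on legitimate permission grants, so treat it as a lower-confidence signal.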