CVE-2024-5067
📋 TL;DR
This vulnerability allows group members with Developer or higher roles to access project-level analytics settings that should be restricted. It affects GitLab EE installations running vulnerable versions, potentially exposing sensitive configuration data to unauthorized internal users.
💻 Affected Systems
- GitLab EE
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Sensitive project analytics settings containing confidential business metrics or operational data are exposed to unauthorized group members, potentially enabling further attacks or data exfiltration.
Likely Case
Internal users with Developer+ roles inadvertently access analytics settings they shouldn't see, potentially learning about project metrics, usage patterns, or configuration details they're not authorized to view.
If Mitigated
With proper access controls and monitoring, impact is limited to information disclosure within already-trusted internal users who have some level of legitimate access to the group.
🎯 Exploit Status
Exploitation requires authenticated access as a group member with Developer role or higher. The vulnerability involves DOM data leakage that can be accessed through normal web interface interaction.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.0.5, 17.1.3, or 17.2.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/458504
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update GitLab EE to version 17.0.5, 17.1.3, or 17.2.1, depending on your current version track.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Developer Role Access
Temporarily reduce Developer role permissions or limit group membership while awaiting the patch.
🧯 If You Can't Patch
- Implement strict access controls and monitor group member activities
- Consider temporarily limiting analytics feature usage in vulnerable versions
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the Admin Area or run: sudo gitlab-rake gitlab:env:info | grep 'Version:'
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
Confirm the version is 17.0.5+, 17.1.3+, or 17.2.1+ on its track, and test that Developer role users cannot access the restricted analytics settings.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to analytics endpoints by Developer role users
- Multiple failed authorization attempts for analytics resources
Network Indicators:
- Increased requests to /groups/*/analytics endpoints from Developer role accounts
SIEM Query:
source="gitlab" AND (uri_path="/analytics" OR uri_path="/groups/*/analytics") AND user_role="Developer"
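As an added example that is not part of this advisory, the script below applies the log indicators above to constructed GitLab-style JSON request log lines: it joins a constructed membership map (the sample lines carry no role field, so the role is looked up by username) and tallies analytics-path requests and authorization denials per Developer-role user. The field names, paths and usernames are assumptions for illustration.

```python
import json
import re

# Constructed sample lines shaped like GitLab's JSON request log
# (a few fields only; real lines carry many more).
SAMPLE_LOG = """
{"method":"GET","path":"/groups/acme/-/analytics/value_stream_analytics","status":200,"username":"dev1","remote_ip":"10.0.0.5"}
{"method":"GET","path":"/acme/widget/-/analytics/dashboards","status":200,"username":"dev1","remote_ip":"10.0.0.5"}
{"method":"GET","path":"/acme/widget/-/analytics/dashboards","status":200,"username":"lead1","remote_ip":"10.0.0.7"}
{"method":"GET","path":"/groups/acme/-/analytics/coverage_reports","status":403,"username":"dev2","remote_ip":"10.0.0.9"}
{"method":"GET","path":"/acme/widget/-/issues","status":200,"username":"dev1","remote_ip":"10.0.0.5"}
"""

# Constructed group membership, assumed to be exported separately:
# the request log itself does not say which role the caller holds.
MEMBER_ROLES = {"dev1": "Developer", "dev2": "Developer", "lead1": "Maintainer"}

# Analytics routes under both group and project namespaces share the
# "/-/analytics" segment, so one pattern covers both.
ANALYTICS_PATH = re.compile(r"/-/analytics(/|$)")


def developer_analytics_activity(log_text, roles):
    """Summarise analytics-path requests made by Developer-role users.

    Returns {username: {"requests": total, "denied": count of 401/403}}.
    Users holding any other role are ignored, as are non-analytics paths.
    """
    summary = {}
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if not ANALYTICS_PATH.search(rec.get("path", "")):
            continue
        user = rec.get("username")
        if roles.get(user) != "Developer":
            continue
        entry = summary.setdefault(user, {"requests": 0, "denied": 0})
        entry["requests"] += 1
        if rec.get("status") in (401, 403):
            entry["denied"] += 1
    return summary


if __name__ == "__main__":
    for user, stats in developer_analytics_activity(SAMPLE_LOG, MEMBER_ROLES).items():
        print(f"{user}: {stats['requests']} analytics request(s), {stats['denied']} denied")
```

A successful (200) analytics request by a Developer is the signal worth reviewing on an unpatched instance, since the denied (403) entries show the authorization check working as intended.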
🔗 References
- https://gitlab.com/gitlab-org/gitlab/-/issues/458504
- https://gitlab.com/gitlab-org/gitlab/-/issues/462427
- https://hackerone.com/reports/2462303
- https://hackerone.com/reports/2502047