CVE-2024-5435
📋 TL;DR
This vulnerability in GitLab EE/CE allows attackers to retrieve user passwords stored in repository mirror configurations. It affects GitLab instances running vulnerable versions, potentially exposing credentials used for repository mirroring.
💻 Affected Systems
- GitLab EE
- GitLab CE
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to repository mirror credentials, enabling unauthorized access to external repositories, credential reuse attacks, or lateral movement.
Likely Case
Users who have access to GitLab but are not authorized to see mirror settings can extract passwords from mirror configurations, compromising the security of the mirrored repositories.
If Mitigated
With proper access controls and monitoring, impact is limited to credential exposure without further exploitation.
🎯 Exploit Status
Exploitation requires authenticated access to GitLab.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.1.7, 17.2.5, 17.3.2
Vendor Advisory: https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/
Restart Required: Yes
Instructions:
1. Back up the GitLab instance.
2. Update to a patched version using the package manager.
3. Restart GitLab services.
4. Verify the update.
🔧 Temporary Workarounds
Disable repository mirroring
Temporarily disable repository mirroring to prevent credential exposure.
Rotate mirror credentials
Change the passwords for all repository mirror configurations.
🧯 If You Can't Patch
- Restrict access to repository mirror configuration pages.
- Implement network segmentation for GitLab instance.
🔍 How to Verify
Check if Vulnerable:
Check GitLab version via admin panel or command: sudo gitlab-rake gitlab:env:info
Check Version:
sudo gitlab-rake gitlab:env:info | grep Version
Verify Fix Applied:
Confirm the running version is at least the patch release for its minor branch (17.1.7, 17.2.5 or 17.3.2) or later.
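A small branch-aware version check, added here as an example (not GitLab's own tooling): it parses the output of gitlab-rake gitlab:env:info and compares the running version against the three patch releases listed above. The sample output is constructed, and treating versions older than 17.1 as "not confirmed patched" is an assumption, since the advisory only lists fixes for the 17.1 to 17.3 branches.

```python
import re

# Patch releases taken from the advisory above, keyed by minor branch.
PATCHED = {(17, 1): (17, 1, 7), (17, 2): (17, 2, 5), (17, 3): (17, 3, 2)}
LATEST_PATCHED = max(PATCHED.values())  # (17, 3, 2)


def parse_version(env_info: str) -> tuple:
    """Extract (major, minor, patch) from the 'Version:' line of gitlab:env:info.

    Only the line that starts with 'Version:' (the GitLab information block) is
    used; lines such as 'Ruby Version:' do not match. The '-ee'/'-ce' suffix is ignored.
    """
    for line in env_info.splitlines():
        m = re.match(r"^Version:\s*(\d+)\.(\d+)\.(\d+)", line.strip())
        if m:
            return tuple(int(x) for x in m.groups())
    raise ValueError("no 'Version:' line found in gitlab:env:info output")


def is_patched(version: tuple) -> bool:
    """True if the version is at or above its branch's patch release, or on a newer branch."""
    branch = version[:2]
    if branch in PATCHED:
        return version >= PATCHED[branch]
    # Assumption: branches newer than 17.3 carry the fix; anything older than 17.1
    # is not covered by the advisory's fix list, so report it as not confirmed patched.
    return version >= LATEST_PATCHED


# Constructed sample output, not captured from a real instance.
SAMPLE_ENV_INFO = """System information
System:\t\tUbuntu 22.04
Current User:\tgit

GitLab information
Version:\t17.3.1-ee
Revision:\t0000000
Directory:\t/opt/gitlab/embedded/service/gitlab-rails
"""

if __name__ == "__main__":
    v = parse_version(SAMPLE_ENV_INFO)
    status = "patched" if is_patched(v) else "NOT patched"
    print(f"running {'.'.join(map(str, v))} -> {status}")
```

In practice, feed the function the real output, e.g. `parse_version(subprocess.check_output(["sudo", "gitlab-rake", "gitlab:env:info"], text=True))`.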
📡 Detection & Monitoring
Log Indicators:
- Unusual access to repository mirror configuration endpoints
- Failed authentication attempts for mirror repositories
Network Indicators:
- Unexpected outbound connections to external repositories
SIEM Query:
source="gitlab" AND (uri_path="/admin/mirrors" OR event="mirror_access")