CVE-2024-5655
📋 TL;DR
This vulnerability in GitLab allows an attacker to trigger CI/CD pipelines as another user under specific conditions, potentially executing unauthorized code or accessing sensitive data. It affects GitLab Community Edition (CE) and Enterprise Edition (EE) installations across multiple recent versions. Organizations using affected GitLab instances for development pipelines are at risk.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could trigger pipelines with elevated privileges, potentially gaining access to sensitive credentials, deploying malicious code to production, or exfiltrating source code and secrets.
Likely Case
Attackers could abuse pipeline permissions to access internal build artifacts, secrets, or trigger unauthorized deployments in development environments.
If Mitigated
With proper access controls and monitoring, impact would be limited to unauthorized pipeline executions that could be detected and rolled back.
🎯 Exploit Status
Exploitation requires some level of access to the GitLab instance but can be performed by authenticated users with limited privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 16.11.5, 17.0.3, 17.1.1
Vendor Advisory: https://about.gitlab.com/releases/
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab 16.11.5, 17.0.3, or 17.1.1 depending on your current version.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Pipeline Permissions
Tighten pipeline runner permissions and access controls to limit potential damage from unauthorized pipeline execution.
🧯 If You Can't Patch
- Implement strict access controls on CI/CD runners and pipeline execution
- Enable detailed audit logging for all pipeline activities and monitor for unauthorized executions
🔍 How to Verify
Check if Vulnerable:
Check your GitLab version against affected ranges: 15.8-16.11.4, 17.0-17.0.2, or 17.1-17.1.0.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Verify GitLab version is 16.11.5, 17.0.3, or 17.1.1 or later.
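To make the version check above mechanical, here is an added Python example (not GitLab's code and not part of this advisory) that parses the `Version:` line from `gitlab-rake gitlab:env:info` output and classifies it against the affected ranges and patched releases listed on this page; the sample output is constructed.

```python
import re

# Inclusive affected ranges and the patched release for each, as listed on this page.
AFFECTED_RANGES = [
    ((15, 8, 0), (16, 11, 4), (16, 11, 5)),
    ((17, 0, 0), (17, 0, 2), (17, 0, 3)),
    ((17, 1, 0), (17, 1, 0), (17, 1, 1)),
]

# Matches "Version:\t16.11.3-ee" (in gitlab:env:info the "GitLab information"
# block comes first, so the first hit is GitLab's own version) or "GitLab version: 16.11.3".
VERSION_LINE = re.compile(r"^(?:GitLab )?[Vv]ersion:\s*(\d+)\.(\d+)\.(\d+)", re.M)


def parse_version(env_info):
    """Return (major, minor, patch) from env:info output; suffixes like -ee are ignored."""
    m = VERSION_LINE.search(env_info)
    if not m:
        raise ValueError("no GitLab version line found")
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Classify a version tuple against the CVE-2024-5655 ranges.

    Returns (status, upgrade_target); upgrade_target is None unless vulnerable.
    """
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high:
            return "vulnerable", fixed
    if version < AFFECTED_RANGES[0][0]:
        return "not in affected range", None
    # At or past the patched release of its branch, or a later branch entirely.
    return "patched", None


def fmt(version):
    return ".".join(str(x) for x in version)


# Constructed sample of the relevant block of `gitlab-rake gitlab:env:info` output.
SAMPLE_ENV_INFO = """GitLab information
Version:\t16.11.3-ee
Revision:\t0000000
"""

if __name__ == "__main__":
    v = parse_version(SAMPLE_ENV_INFO)
    status, target = assess(v)
    print(f"GitLab {fmt(v)}: {status}" + (f", upgrade to {fmt(target)}" if target else ""))
```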
📡 Detection & Monitoring
Log Indicators:
- Unexpected pipeline triggers from unusual users or IPs
- Pipeline executions with mismatched user permissions
Network Indicators:
- Unusual API calls to pipeline endpoints
- Suspicious runner registration or job requests
SIEM Query:
source="gitlab" AND (event="pipeline_created" OR event="job_started") | stats count by user, source_ip | where count > threshold