CVE-2024-6678

9.9 CRITICAL

📋 TL;DR

This vulnerability in GitLab allows an authenticated attacker, under certain circumstances, to trigger a CI/CD pipeline as an arbitrary user. Because CI jobs run with the permissions and job token of the user the pipeline is attributed to, and with the CI/CD variables the pipeline's ref can reach, this can lead to unauthorized code execution on runners, exposure of secrets and data, unauthorized deployments, or resource abuse. It affects GitLab Community Edition (CE) and Enterprise Edition (EE) across multiple version ranges.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 8.14 up to and including 17.1.6; 17.2 up to and including 17.2.4; 17.3 up to and including 17.3.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments within affected version ranges are vulnerable regardless of configuration.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could execute arbitrary code on the runners in the impersonated user's pipeline context, read secrets and data the pipeline can reach, deploy malicious artifacts, or cause denial of service through runner resource exhaustion.

🟠

Likely Case

Unauthorized pipeline execution attributed to a more privileged user, leading to data leakage, unauthorized deployments, or privilege escalation within the GitLab environment.

🟢

If Mitigated

Limited impact if proper access controls, network segmentation, and pipeline validation are in place, though the vulnerability still presents a significant risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Exploitation requires specific conditions but is feasible with authenticated access. No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 17.1.7, 17.2.5, or 17.3.2

Vendor Advisory: https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to the fix release for your series (17.1.7, 17.2.5 or 17.3.2), or any later release, using the method the instance was installed with: the Linux package manager for Omnibus installs, a new image tag for Docker, a chart upgrade for Helm.
3. Restart GitLab services. The Linux package reconfigures and restarts services as part of the upgrade; Docker and Helm deployments restart when the new image rolls out.
4. Verify that the running version is at or above the fix release for its series. A version that is numerically higher but in an older series (for example 17.2.0 after 17.1.7) is still vulnerable.

🔧 Temporary Workarounds

Restrict Pipeline Permissions

Applies to: all affected versions and platforms

Limit who can create pipelines in sensitive projects (project membership and roles, protected branches and tags, pipeline trigger tokens) and review changes to pipeline configuration, so that a pipeline run under an impersonated user has as little to reach as possible.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate GitLab instances from critical systems.
  • Enforce multi-factor authentication and review user access controls to limit potential attackers.

🔍 How to Verify

Check if Vulnerable:

Compare your GitLab version against the affected ranges: 8.14 up to 17.1.6, 17.2 up to 17.2.4, and 17.3 up to 17.3.1. The ranges are per series, so 17.2.0 is vulnerable even though it is numerically above the 17.1.7 fix.

Check Version:

sudo gitlab-rake gitlab:env:info | grep -A1 '^GitLab information'

The version is on the "Version:" line that follows the "GitLab information" header. Other sections of that output (GitLab Shell, Gitaly) carry their own "Version:" lines, and there is no line containing the literal text "GitLab Version", so grepping for that returns nothing. Any authenticated user can also read the version from the REST API at GET /api/v4/version.

Verify Fix Applied:

Confirm the running version is 17.1.7 or later within 17.1, 17.2.5 or later within 17.2, or 17.3.2 or later.
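Worked example, added here and not part of the original page or of GitLab's own tooling: a small Python check that classifies a version string against the three affected ranges (so that 17.2.0 is reported as vulnerable despite being numerically above 17.1.7), extracts the version from gitlab:env:info output, and optionally reads it over the REST API. The function names, the trimmed sample rake output and the API helper's arguments are this example's own assumptions; the sample output is constructed, not captured from a real host.

```python
"""Added example for CVE-2024-6678 (not GitLab's tooling, not from the page).

Classifies a GitLab version against the affected ranges per series. Function
names, the sample rake output and the API helper are this example's assumptions.
"""
import json
import re
import urllib.request

# Affected ranges from the advisory: (first affected, first fixed) per series.
AFFECTED_RANGES = (
    ((8, 14, 0), (17, 1, 7)),
    ((17, 2, 0), (17, 2, 5)),
    ((17, 3, 0), (17, 3, 2)),
)


def parse_version(text):
    """Turn '17.3.1', '17.3.1-ee' or 'gitlab-ee 17.3.1-ee.0' into (major, minor, patch)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def cve_2024_6678_status(text):
    """Return 'vulnerable', 'patched' or 'below-range' for a version string."""
    v = parse_version(text)
    if v < AFFECTED_RANGES[0][0]:
        # Before 8.14: outside the advisory's stated range, but long unsupported.
        return "below-range"
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return "vulnerable"
    # Between two affected ranges (e.g. 17.1.7..17.1.x) or at/after 17.3.2.
    return "patched"


def version_from_env_info(rake_output):
    """Extract the version from `sudo gitlab-rake gitlab:env:info` output.

    The Omnibus/Linux package prints a 'GitLab information' header followed by a
    'Version:' line; other sections (GitLab Shell, Gitaly) have their own
    'Version:' lines, so only the lines right after that header are used.
    """
    lines = rake_output.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == "GitLab information":
            for following in lines[i + 1:i + 5]:
                if following.startswith("Version:"):
                    return following.split(":", 1)[1].strip()
    raise ValueError("no 'GitLab information' / 'Version:' section found")


def version_from_api(base_url, token):
    """Read the version via GET /api/v4/version (any authenticated user can).

    Assumed call: version_from_api("https://gitlab.example.com", "glpat-...").
    Not exercised here because it needs a live instance.
    """
    req = urllib.request.Request(f"{base_url}/api/v4/version",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


# Constructed, trimmed sample of gitlab:env:info output (not from a real host).
SAMPLE_ENV_INFO = """System information
System:         Ubuntu 22.04
Ruby Version:   3.2.4p170

GitLab information
Version:        17.3.1-ee
Revision:       0123abcd
Directory:      /opt/gitlab/embedded/service/gitlab-rails

GitLab Shell
Version:        14.38.0
"""

if __name__ == "__main__":
    for sample in ("17.3.1-ee", "17.2.0", "17.1.7", "16.11.8", "17.4.0"):
        print(f"{sample}: {cve_2024_6678_status(sample)}")
    found = version_from_env_info(SAMPLE_ENV_INFO)
    print(f"from env:info: {found}: {cve_2024_6678_status(found)}")
```

On a live host, pipe the real rake output into version_from_env_info, or call version_from_api with a read-scoped personal access token; the classification itself needs nothing beyond the version string.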

📡 Detection & Monitoring

Log Indicators:

  • Unusual pipeline triggers from unexpected users
  • Failed authentication attempts followed by pipeline execution

Network Indicators:

  • Unexpected outbound connections from GitLab runners
  • Unusual traffic patterns to artifact repositories

SIEM Query:

source="gitlab" AND (event="pipeline_created" OR event="job_started") | stats count by user
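The log indicators above, as detection logic over sample events (an added example; not from the page and not GitLab's code). It implements the SIEM query's count-by-user, a per-project "first time this user triggered a pipeline" baseline, and a stronger check that matters for this CVE: a pipeline triggered as another user is attributed to that victim, so a push-sourced pipeline with no matching push by the same user shortly before it is the shape an impersonated trigger takes. The JSON-lines format, the field names (time, event, project, user, source) and the sample events are this example's own assumptions; map them to the fields your SIEM ingests from GitLab's JSON logs or audit events.

```python
"""Added example (not from the page or from GitLab): pipeline-trigger detections
over a constructed event log. Field names and sample data are assumptions.
"""
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line; not captured from a real instance.
SAMPLE_LOG = """
{"time": "2024-09-12T08:00:00Z", "event": "push",             "project": "app/api", "user": "alice"}
{"time": "2024-09-12T08:00:04Z", "event": "pipeline_created", "project": "app/api", "user": "alice", "source": "push"}
{"time": "2024-09-12T09:15:00Z", "event": "push",             "project": "app/api", "user": "bob"}
{"time": "2024-09-12T09:15:03Z", "event": "pipeline_created", "project": "app/api", "user": "bob",   "source": "push"}
{"time": "2024-09-12T10:00:00Z", "event": "pipeline_created", "project": "app/api", "user": "alice", "source": "schedule"}
{"time": "2024-09-13T03:12:00Z", "event": "pipeline_created", "project": "app/api", "user": "alice", "source": "push"}
{"time": "2024-09-13T03:12:30Z", "event": "pipeline_created", "project": "app/api", "user": "alice", "source": "push"}
{"time": "2024-09-13T03:14:00Z", "event": "pipeline_created", "project": "infra/deploy", "user": "mallory", "source": "web"}
"""


def parse_time(s):
    """ISO-8601 UTC timestamp with a trailing Z to an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'time', sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["time"] = parse_time(e["time"])
            events.append(e)
    return sorted(events, key=lambda e: e["time"])


def pipeline_counts(events):
    """The SIEM query's 'stats count by user' over pipeline_created events."""
    return Counter(e["user"] for e in events if e["event"] == "pipeline_created")


def orphan_push_pipelines(events, window=timedelta(minutes=2)):
    """Push-sourced pipelines not preceded (within `window`) by a push from the
    same user to the same project. The attributed user did nothing, which is
    what a pipeline triggered on their behalf looks like. Other sources
    (schedule, web, api) legitimately run without a push and are skipped."""
    last_push = {}
    flagged = []
    for e in events:  # time-ordered, so last_push holds the latest earlier push
        key = (e["project"], e["user"])
        if e["event"] == "push":
            last_push[key] = e["time"]
        elif e["event"] == "pipeline_created" and e.get("source") == "push":
            pushed_at = last_push.get(key)
            if pushed_at is None or e["time"] - pushed_at > window:
                flagged.append(e)
    return flagged


def first_seen_triggerers(events, baseline_end):
    """Pipeline creations after `baseline_end` by a (project, user) pair that
    created no pipeline in that project during the baseline period."""
    baseline = set()
    flagged = []
    for e in events:
        if e["event"] != "pipeline_created":
            continue
        key = (e["project"], e["user"])
        if e["time"] <= baseline_end:
            baseline.add(key)
        elif key not in baseline:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("pipelines per user:", dict(pipeline_counts(evs)))
    for e in orphan_push_pipelines(evs):
        print("push pipeline without a push:", e["time"].isoformat(), e["project"], e["user"])
    for e in first_seen_triggerers(evs, parse_time("2024-09-12T23:59:59Z")):
        print("first pipeline by user in project:", e["time"].isoformat(), e["project"], e["user"])
```

Note what the three checks say about the sample: the count-by-user view shows alice as the busiest user and nothing else, which is exactly why a per-user count alone is weak here; the orphan check flags alice's two early-morning push pipelines that no push of hers explains, and the baseline check flags mallory's first pipeline in infra/deploy. Tune the window to your runners' usual push-to-pipeline latency.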
