CVE-2024-7091

4.1 MEDIUM

📋 TL;DR

This vulnerability in GitLab allows authenticated users to access limited information from exported groups or projects belonging to other users. It affects GitLab Community Edition and Enterprise Edition installations running vulnerable versions. The information disclosure is limited but could expose metadata about other users' resources.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 15.6 up to and including 17.0.4, 17.1 up to and including 17.1.2, and 17.2.0
Operating Systems: All platforms running GitLab
Default Config Vulnerable: ⚠️ Yes
Notes: All GitLab deployments with vulnerable versions are affected regardless of configuration.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...


⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could systematically enumerate and access metadata from multiple groups/projects they shouldn't have access to, potentially discovering sensitive project names, member lists, or organizational structures.

🟠 Likely Case

Accidental or opportunistic discovery of limited metadata about other users' groups or projects through normal GitLab usage patterns.

🟢 If Mitigated

Minimal impact with proper access controls and monitoring, as the vulnerability only exposes limited information to authenticated users.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to GitLab. The vulnerability is in the export functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 17.0.5, 17.1.3, or 17.2.1

Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/408469

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to GitLab 17.0.5, 17.1.3, or 17.2.1, depending on your current release branch.
3. Restart GitLab services.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable project/group exports (Linux)

Temporarily disable the export functionality that contains the vulnerability, from a Rails console on the GitLab host:

  gitlab-rails console
  ApplicationSetting.first.update(project_export_enabled: false, group_export_enabled: false)

🧯 If You Can't Patch

  • Implement strict access controls and monitor export-related activities
  • Limit user permissions to only necessary functions and regularly audit access logs

🔍 How to Verify

Check if Vulnerable:

Check GitLab version via admin interface or command: sudo gitlab-rake gitlab:env:info

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'GitLab version'

Verify Fix Applied:

Confirm the running version is 17.0.5, 17.1.3, or 17.2.1, or a later release.
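As an added check for the version step above (example code, not from the advisory or from GitLab), this POSIX shell snippet maps a version string onto the affected ranges listed under Affected Systems; the env-info sample and its `Version:` line are constructed assumptions, so feed it the real `gitlab-rake gitlab:env:info` output in practice.

```shell
#!/bin/sh
# Added example, not from the advisory or from GitLab: classify a GitLab
# version string against the CVE-2024-7091 ranges.
# Affected: 15.6 - 17.0.4, 17.1 - 17.1.2, 17.2.0.  Fixed: 17.0.5, 17.1.3, 17.2.1.

# Map "MAJOR.MINOR[.PATCH][-suffix]" to one integer so ranges compare numerically.
version_key() {
    ver=${1%%-*}                      # drop an edition suffix such as "-ee"
    oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

in_range() {                          # in_range VERSION LOW HIGH (inclusive)
    v=$(version_key "$1"); lo=$(version_key "$2"); hi=$(version_key "$3")
    [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]
}

# Prints "vulnerable", "patched" (at or past the fix in any branch), or
# "outside affected range" (older than 15.6).
cve_2024_7091_status() {
    if in_range "$1" 15.6.0 17.0.4 || in_range "$1" 17.1.0 17.1.2 || in_range "$1" 17.2.0 17.2.0; then
        echo vulnerable
    elif [ "$(version_key "$1")" -lt "$(version_key 15.6.0)" ]; then
        echo "outside affected range"
    else
        echo patched
    fi
}

# Constructed sample in the style of gitlab-rake gitlab:env:info (the
# "Version:" line layout is an assumption, not copied from GitLab).
SAMPLE_ENV_INFO='GitLab information
Version:        17.0.4-ee
Revision:       0123abcd'

# Extract the version value from env-info style text.
version_from_env_info() { printf '%s\n' "$1" | awk '/^Version:/ { print $2; exit }'; }

ver=$(version_from_env_info "$SAMPLE_ENV_INFO")
printf 'GitLab %s: %s\n' "$ver" "$(cve_2024_7091_status "$ver")"   # GitLab 17.0.4-ee: vulnerable
```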

📡 Detection & Monitoring

Log Indicators:

  • Unusual export activity patterns
  • Multiple export requests from single user
  • Export requests for groups/projects user shouldn't access

Network Indicators:

  • Increased API calls to export endpoints
  • Unusual timing of export requests

SIEM Query:

source="gitlab" AND (event="export" OR endpoint="/api/*/export") | stats count by user, project
