CVE-2024-7102
📋 TL;DR
This vulnerability in GitLab allows attackers to trigger CI/CD pipelines as another user under specific conditions, potentially leading to unauthorized code execution or data exposure. It affects all GitLab Community Edition and Enterprise Edition installations from version 16.4 up to (but not including) 17.5.0.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
GitLab by GitLab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could execute arbitrary code in the victim's pipeline context, potentially accessing sensitive data, modifying repositories, or deploying malicious code to production environments.
Likely Case
Attackers could trigger pipelines to exfiltrate secrets, access protected branches, or cause denial of service through resource exhaustion.
If Mitigated
With proper access controls and monitoring, impact would be limited to unauthorized pipeline executions that could be detected and rolled back.
🎯 Exploit Status
Exploitation requires specific conditions and authenticated access to GitLab. The HackerOne report suggests practical exploitation is feasible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.5.0 and later
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/474414
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Upgrade to GitLab 17.5.0 or later.
3. Restart GitLab services.
4. Verify the upgrade was successful.
🔧 Temporary Workarounds
Disable pipeline triggers
Temporarily disable pipeline triggers for all projects to prevent exploitation while patching.
gitlab-rails runner "Project.update_all(ci_config_path: nil)"
Caveat: the command above does not disable pipeline triggers. Project.update_all(ci_config_path: nil) clears the custom CI configuration path on every project, so each falls back to its default .gitlab-ci.yml, and the previous values are lost unless you restored them from a backup. To actually limit trigger-based pipeline creation, review and revoke pipeline trigger tokens and pipeline schedules in each project's CI/CD settings until the upgrade is complete.
🧯 If You Can't Patch
- Implement strict access controls and review all pipeline trigger permissions
- Enable detailed audit logging for all pipeline executions and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check GitLab version: any version from 16.4 up to, but not including, 17.5.0 is vulnerable (so every 16.x release from 16.4 onward and every 17.0 to 17.4 release is affected; 17.5.0 is not).
Check Version:
sudo gitlab-rake gitlab:env:info | grep -E '^Version:'
(The GitLab version is printed on the "Version:" line of the "GitLab information" section; the other version lines in the output, such as "Ruby Version:", are prefixed and so are not matched.)
Verify Fix Applied:
Verify GitLab version is 17.5.0 or later and test pipeline trigger functionality.
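An added helper (not part of this advisory or of GitLab) that parses the "Version:" line from gitlab:env:info output and applies the affected range above numerically, so that 16.10 is correctly treated as newer than 16.4 and 17.4.x as vulnerable while 17.5.0 is not. The sample output embedded below is constructed; the real check would read the rake command's stdout instead.

```python
import re

# Constructed, abridged sample of `sudo gitlab-rake gitlab:env:info` output.
# Only the "Version:" line of the "GitLab information" section matters here.
SAMPLE_ENV_INFO = """System information
System:
Ruby Version:\t3.1.5p252
Go Version:\tunknown

GitLab information
Version:\t17.4.2-ee
Revision:\tabcdef0123
DB Adapter:\tPostgreSQL
"""

# Affected range from the advisory: 16.4 <= version < 17.5.0
AFFECTED_MIN = (16, 4, 0)
FIXED_IN = (17, 5, 0)


def parse_gitlab_version(env_info: str) -> tuple[int, int, int]:
    """Return the GitLab version as (major, minor, patch).

    The regex is anchored at line start so "Ruby Version:" and friends are
    skipped, and the -ce/-ee suffix is ignored since the range is edition-agnostic.
    """
    m = re.search(r"^Version:\s*(\d+)\.(\d+)(?:\.(\d+))?", env_info, re.MULTILINE)
    if m is None:
        raise ValueError("no GitLab 'Version:' line found in gitlab:env:info output")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_vulnerable(version: tuple[int, int, int]) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= version < FIXED_IN


def check_env_info(env_info: str) -> tuple[str, bool]:
    """Parse the rake output and report (version string, vulnerable?)."""
    v = parse_gitlab_version(env_info)
    return ".".join(map(str, v)), is_vulnerable(v)


if __name__ == "__main__":
    version, vulnerable = check_env_info(SAMPLE_ENV_INFO)
    status = "VULNERABLE, upgrade to 17.5.0 or later" if vulnerable else "not affected"
    print(f"GitLab {version}: {status}")
```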
📡 Detection & Monitoring
Log Indicators:
- Unexpected pipeline triggers from unusual users
- Pipeline executions with mismatched user contexts
- Failed authentication attempts followed by pipeline triggers
Network Indicators:
- Unusual API calls to pipeline trigger endpoints
- Spike in CI/CD job executions
SIEM Query:
source="gitlab" AND (event="pipeline_created" OR event="job_started") | stats count by user, project