CVE-2024-8977
📋 TL;DR
This vulnerability allows Server-Side Request Forgery (SSRF) attacks against GitLab Enterprise Edition instances with Product Analytics Dashboard enabled. Attackers can make the vulnerable server send unauthorized requests to internal systems. All GitLab EE instances running affected versions with Product Analytics Dashboard configured are at risk.
💻 Affected Systems
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Full internal network reconnaissance, data exfiltration from internal services, and potential lateral movement to other systems via the compromised GitLab server.
Likely Case
Information disclosure from internal services, enumeration of internal network resources, and potential access to metadata services.
If Mitigated
Limited impact due to network segmentation, egress filtering, and proper access controls on internal services.
🎯 Exploit Status
Requires authenticated access to GitLab and Product Analytics Dashboard configuration
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.2.9, 17.3.5, 17.4.2
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/491060
Restart Required: Yes
Instructions:
1. Back up the GitLab instance.
2. Update to a patched version using the package manager.
3. Restart GitLab services.
4. Verify the version update.
🔧 Temporary Workarounds
Disable Product Analytics Dashboard
Temporarily disable the vulnerable feature until patching is possible (Linux):
gitlab-rails runner "Feature.disable(:product_analytics_dashboard)"
🧯 If You Can't Patch
- Implement strict network egress filtering from GitLab servers
- Apply network segmentation to isolate GitLab from sensitive internal services
🔍 How to Verify
Check if Vulnerable:
Check GitLab version and Product Analytics Dashboard status: gitlab-rails runner "puts Gitlab::VERSION; puts Feature.enabled?(:product_analytics_dashboard)"
Check Version:
grep gitlab /opt/gitlab/version-manifest.txt
Verify Fix Applied:
Verify that the version is 17.2.9+, 17.3.5+, or 17.4.2+ and confirm that SSRF attempts are blocked
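The check above compares a version against three patched releases on three different branches, which is easy to get wrong by hand (17.2.10 is patched; 17.4.1 is not). The following is an added example, not the page's or GitLab's own code, that interprets the two lines printed by the page's `gitlab-rails runner` verification command. It assumes the runner prints only the version (e.g. `17.3.4-ee`) followed by `true`/`false`; the treatment of branches outside 17.2–17.4 (newer treated as patched, older treated as unpatched so they get reviewed) is an assumption, since the page lists only the patched versions, not the affected range.

```python
import re

# Patched versions listed in the advisory, keyed by release branch.
FIXED_VERSIONS = {
    (17, 2): (17, 2, 9),
    (17, 3): (17, 3, 5),
    (17, 4): (17, 4, 2),
}

# Constructed sample of what the page's verification command prints:
# the version string, then the product_analytics_dashboard flag state.
SAMPLE_RUNNER_OUTPUT = "17.3.4-ee\ntrue\n"


def parse_version(text):
    """Turn '17.3.4-ee' (or '17.3.4') into (17, 3, 4); raise on anything else."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if the (major, minor, patch) tuple is at or above its branch's fix."""
    major, minor, _patch = version
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is not None:
        return version >= fixed
    # Assumption (not stated on the page): branches newer than 17.4 shipped
    # after the fix; anything older than 17.2 is reported as unpatched so
    # it gets looked at rather than silently passed.
    return (major, minor) > (17, 4)


def assess(runner_output):
    """Classify a host from the runner output: 'patched', 'vulnerable'
    (unpatched and the feature flag is on), or 'unpatched-feature-disabled'."""
    lines = [ln for ln in runner_output.splitlines() if ln.strip()]
    version = parse_version(lines[0])
    feature_on = lines[1].strip().lower() == "true"
    if is_patched(version):
        return "patched"
    return "vulnerable" if feature_on else "unpatched-feature-disabled"


if __name__ == "__main__":
    print(assess(SAMPLE_RUNNER_OUTPUT))
```

Feed it the real runner output (`gitlab-rails runner "puts Gitlab::VERSION; puts Feature.enabled?(:product_analytics_dashboard)" | python3 check.py`, reading stdin) across your fleet; an `unpatched-feature-disabled` result means the workaround is in place but the patch is still due.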
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from GitLab server
- Requests to internal IP ranges or metadata services
Network Indicators:
- GitLab server making unexpected HTTP requests to internal services
SIEM Query:
source="gitlab" AND (http_request OR network_outbound) AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16 OR dest_ip=169.254.169.254)
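The SIEM query above only works where the field names match your schema. As an added example (not the page's or GitLab's code), here is the same detection logic applied to constructed log lines in a hypothetical `key=value` format, so the matching can be checked offline before it is ported to a real SIEM. The `source`, `event`, `dest_url` and `dest_ip` field names and the sample records are assumptions. It goes slightly beyond the page's query: it also flags loopback destinations and IPv6 literals, and it extracts the host from a URL field rather than requiring a pre-resolved `dest_ip`. Hostnames are not resolved, so a record that reaches an internal address through a DNS name would still need the resolver's or proxy's log to be caught.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Destinations the page's SIEM query treats as suspicious for outbound
# requests from a GitLab server: RFC 1918 ranges plus the cloud metadata address.
WATCHED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.169.254/32"),
]

# Constructed sample lines in a hypothetical key=value format (not GitLab's
# real log schema): timestamp, then space-separated fields.
SAMPLE_LOG = """\
2024-10-01T10:00:01Z source=gitlab event=http_request user=alice dest_url=https://api.example.com/v1/status
2024-10-01T10:00:05Z source=gitlab event=http_request user=bob dest_url=http://169.254.169.254/
2024-10-01T10:00:09Z source=gitlab event=network_outbound user=bob dest_ip=10.20.30.40 dest_port=8080
2024-10-01T10:00:12Z source=nginx event=http_request user=- dest_url=http://192.168.1.5/
2024-10-01T10:00:15Z source=gitlab event=http_request user=carol dest_url=http://[::1]:8080/
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split 'ts k=v k=v ...' into a dict; the timestamp lands under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    return fields


def destination(fields):
    """Return the raw destination host: dest_ip if present, else the host
    part of dest_url (urlparse strips the brackets from IPv6 literals)."""
    if "dest_ip" in fields:
        return fields["dest_ip"]
    if "dest_url" in fields:
        return urlparse(fields["dest_url"]).hostname
    return None


def is_watched(raw):
    """True if raw is an IP literal inside a watched range or loopback.
    Hostnames return False: no DNS lookups are done here."""
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return False
    return ip.is_loopback or any(ip in net for net in WATCHED_NETWORKS)


def find_suspicious(log_text):
    """Apply the page's query shape: source=gitlab, an outbound-request
    event, and a destination in a watched range. Returns (ts, user, ip)."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("source") != "gitlab":
            continue
        if f.get("event") not in ("http_request", "network_outbound"):
            continue
        dest = destination(f)
        if dest is not None and is_watched(dest):
            hits.append((f["ts"], f.get("user"), str(ipaddress.ip_address(dest))))
    return hits


if __name__ == "__main__":
    for ts, user, ip in find_suspicious(SAMPLE_LOG):
        print(f"{ts} user={user} dest={ip}")
```

On the sample, the external API call and the nginx record are ignored, while the metadata-service request, the direct 10.0.0.0/8 connection and the loopback request are reported with the acting user, which is the pivot you want when correlating with the Product Analytics Dashboard configuration change that triggered them.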