CVE-2024-9164
📋 TL;DR
CVE-2024-9164 is a critical vulnerability (CVSS 3.1 score 9.6, vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L) in GitLab EE that lets an authenticated user run CI/CD pipelines on arbitrary branches of a project, including protected branches they are not allowed to push to or merge into. Protected branches are what gate protected CI/CD variables, protected runners and deployment jobs, so an attacker who can pick the branch a pipeline runs on can execute jobs with those secrets and runners and trigger deployments. It affects self-managed GitLab EE 12.5 through 17.2.8, 17.3.0 through 17.3.4, and 17.4.0 through 17.4.1; GitLab CE is not listed as affected, and GitLab.com was patched by the vendor.
💻 Affected Systems
- GitLab EE (self-managed): 12.5 up to and including 17.2.8, 17.3.0 up to and including 17.3.4, 17.4.0 up to and including 17.4.1. GitLab CE is not listed as affected.
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could execute arbitrary code in CI/CD pipelines, deploy malicious code to production, exfiltrate sensitive data, or compromise the entire GitLab instance and connected systems.
Likely Case
Unauthorized pipeline execution leading to code deployment, repository manipulation, or privilege escalation within the GitLab environment.
If Mitigated
Mitigation cannot stop the bypass itself, because branch protection rules are the control being bypassed. What bounds the impact is what a pipeline on a protected branch can reach: protected CI/CD variables and protected runners scoped to the few branches that need them, deployment jobs behind protected environments with required approvals, and short-lived, least-privilege credentials inside CI. With those in place the attacker gets an unauthorized pipeline run but not production secrets or a deployment.
🎯 Exploit Status
Exploitation requires an authenticated account on the instance (the CVSS vector lists PR:L and UI:N over the network), so any low-privileged member of a project can reach it without user interaction. Once authenticated, the attacker's own pipeline run bypasses the protected-branch push/merge checks that would normally refuse it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.2.9, 17.3.5, or 17.4.2
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/493946
Restart Required: Yes
Instructions:
1. Back up the instance first (for Omnibus installs, gitlab-backup create plus a copy of /etc/gitlab/gitlab.rb and /etc/gitlab/gitlab-secrets.json).
2. Upgrade within your current minor line: 17.2.x to 17.2.9, 17.3.x to 17.3.5, 17.4.x to 17.4.2. Instances older than 17.2 must follow GitLab's documented upgrade path through the required intermediate versions rather than jumping straight to 17.4.2.
3. Restart GitLab services. The Omnibus package upgrade runs gitlab-ctl reconfigure and restarts services itself; other install methods need an explicit restart.
4. Verify the running version and confirm background migrations have finished before treating the patch as applied.
🔧 Temporary Workarounds
Restrict pipeline permissions
Scope protected CI/CD variables and protected runners to the smallest set of protected branches that need them, and move deployment jobs behind protected environments so a pipeline run on the wrong branch cannot deploy. This limits what a bypass reaches; it does not prevent the bypass.
Disable vulnerable features
Until the instance is patched, disable or restrict pipeline trigger tokens and scheduled pipelines in projects that do not need them, and remove non-essential members from projects that hold sensitive protected variables or deployment credentials.
🧯 If You Can't Patch
- Keep branch protection rules strict (push and merge limited to Maintainers or a named allow list) so legitimate runs stay narrow, and put deployment jobs behind protected environments with required approvals so an unauthorized pipeline cannot reach production on its own
- Monitor pipeline creation on protected branches, join the triggering user against the users allowed to push or merge to that branch, and alert on every mismatch (see the detection section below)
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version in the Admin Area (Overview) or from the command line; the same value is returned by GET /api/v4/version to an authenticated API client. GitLab EE is vulnerable if the version is 12.5 through 17.2.8, 17.3.0 through 17.3.4, or 17.4.0 through 17.4.1.
Check Version:
sudo gitlab-rake gitlab:env:info | grep -E '^Version:'
(The output labels the line "Version:" under the "GitLab information" header, so grepping for 'GitLab version' matches nothing. Gitaly's own version line is prefixed with "- default" and is excluded by the anchored pattern.)
Verify Fix Applied:
Confirm the running version is at least 17.2.9 on the 17.2 line, 17.3.5 on the 17.3 line, or 17.4.2 on the 17.4 line (or any later minor release). Then test the behaviour: as a user without push or merge rights to a protected branch, try to run a pipeline on that branch from the Run pipeline page and via POST /api/v4/projects/:id/pipeline with ref set to the protected branch. Both attempts must be refused on a patched instance.
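The version comparison above is easy to get wrong by hand (17.2.8 is vulnerable while 17.3.5 is fixed, and 12.4.x was never affected), so here is a small checker. It is an added example, not GitLab's own tooling: it parses the "Version:" line of `gitlab-rake gitlab:env:info` output and tests it against the three ranges published in the vendor advisory. The env:info sample is constructed, with placeholder revision and paths.

```python
import re

# Affected ranges from the GitLab patch-release advisory for CVE-2024-9164,
# as (lower bound inclusive, upper bound exclusive) on (major, minor, patch).
AFFECTED_RANGES = (
    ((12, 5, 0), (17, 2, 9)),
    ((17, 3, 0), (17, 3, 5)),
    ((17, 4, 0), (17, 4, 2)),
)

# Constructed sample of `sudo gitlab-rake gitlab:env:info` output.
# The revision and directory are placeholders, not from a real instance.
SAMPLE_ENV_INFO = """System information
Current User:   git

GitLab information
Version:        17.3.4-ee
Revision:       0000000000a
Directory:      /opt/gitlab/embedded/service/gitlab-rails

Gitaly
- default Address:      unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version:      17.3.4
"""

# Anchored at line start so Gitaly's "- default Version:" line is skipped.
_VERSION_LINE = re.compile(r"^Version:\s*(\d+)\.(\d+)\.(\d+)(?:-(ce|ee))?", re.MULTILINE)


def parse_env_info(text):
    """Return ((major, minor, patch), edition) from env:info output, or None.

    A version without a -ce/-ee suffix is treated as 'ee', the conservative
    choice for an EE-only CVE (assumption, not GitLab behaviour).
    """
    m = _VERSION_LINE.search(text)
    if m is None:
        return None
    version = tuple(int(x) for x in m.group(1, 2, 3))
    edition = m.group(4) or "ee"
    return version, edition


def is_vulnerable(version, edition="ee"):
    """True when an EE instance at `version` falls inside an affected range.

    CE is not listed as affected, so CE always returns False. 17.2.9, 17.3.5
    and 17.4.2 are the first fixed releases in their lines, and any later
    minor (17.5 and up) lies outside every range.
    """
    if edition == "ce":
        return False
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def check(text):
    """One-line verdict for a pasted env:info dump."""
    parsed = parse_env_info(text)
    if parsed is None:
        return "could not find a 'Version:' line in the input"
    version, edition = parsed
    label = ".".join(map(str, version)) + "-" + edition
    if is_vulnerable(version, edition):
        return f"{label}: VULNERABLE to CVE-2024-9164, upgrade to 17.2.9 / 17.3.5 / 17.4.2"
    return f"{label}: not in an affected range"


if __name__ == "__main__":
    # Pipe real output in with: sudo gitlab-rake gitlab:env:info | python3 check.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ENV_INFO
    print(check(data))
```

Tuple comparison does the lexicographic version ordering, which is why each boundary is spelled out as a full (major, minor, patch) triple rather than compared as a string.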
📡 Detection & Monitoring
Log Indicators:
- Pipelines on protected branches whose triggering user lacks push or merge rights on that branch (join the pipeline's user against the branch's protected-branch access levels; the branch name alone is not enough)
- Pipeline creation by unexpected users, tokens or source IPs, particularly with source api, trigger or web rather than push
- CI/CD job logs and pipeline records showing protected branch names for users who have never pushed to them
Network Indicators:
- POST /api/v4/projects/:id/pipeline calls whose ref parameter names a protected branch from a user who is not permitted to push or merge there
- A jump in activity on protected runners, or jobs on protected runners started by unusual users
SIEM Query:
The literal strings "protected branch" and "unauthorized branch" do not appear in GitLab's logs, so matching on them finds nothing. Key on pipeline creation events instead and filter by ref and user. The field names below follow GitLab's api_json.log (method, path, params, username) and production_json.log (controller, action); the Splunk-style source name is an assumption, so adjust it to your ingestion:
source="gitlab" ((method="POST" path="/api/v4/projects/*/pipeline") OR (controller="Projects::PipelinesController" action="create"))
Then compare the ref parameter and username of each hit against the project's protected branches and the users allowed to push or merge to them.
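The join that the detection notes above keep coming back to (pipeline user against protected-branch access levels) is the part a SIEM string match cannot do, so here it is as an added example; it is not GitLab code. It works offline on records shaped like three GitLab REST responses, using the documented field names: GET /api/v4/projects/:id/pipelines/:pipeline_id (which includes the triggering `user`), GET /api/v4/projects/:id/protected_branches, and GET /api/v4/projects/:id/members/all. All records below are constructed. Two simplifying assumptions: group-scoped access entries and deploy keys are ignored, and when a ref matches several protection rules one permitting rule is taken as enough.

```python
import fnmatch

# Protected-branch access levels as the protected_branches API encodes them:
# 0 = No one, 30 = Developers + Maintainers, 40 = Maintainers.
# Project member access levels share the scale (20 Reporter, 30 Developer, 50 Owner).
NO_ONE, DEVELOPER, MAINTAINER = 0, 30, 40

# --- constructed sample data, shaped like the GitLab REST responses ---
PROTECTED_BRANCHES = [
    {"name": "main",
     "push_access_levels": [{"access_level": MAINTAINER, "user_id": None, "group_id": None}],
     "merge_access_levels": [{"access_level": DEVELOPER, "user_id": None, "group_id": None}]},
    {"name": "release/*",   # GitLab allows wildcard protected-branch names
     "push_access_levels": [{"access_level": NO_ONE, "user_id": None, "group_id": None}],
     "merge_access_levels": [{"access_level": MAINTAINER, "user_id": None, "group_id": None}]},
]
MEMBERS = [
    {"id": 1, "username": "alice", "access_level": 50},    # Owner
    {"id": 2, "username": "bob", "access_level": 30},      # Developer
    {"id": 3, "username": "mallory", "access_level": 20},  # Reporter
]
PIPELINES = [
    {"id": 101, "ref": "main", "source": "push", "user": {"id": 1, "username": "alice"}},
    {"id": 102, "ref": "main", "source": "web", "user": {"id": 2, "username": "bob"}},
    {"id": 103, "ref": "release/2024.10", "source": "api", "user": {"id": 3, "username": "mallory"}},
    {"id": 104, "ref": "feature/x", "source": "push", "user": {"id": 3, "username": "mallory"}},
    {"id": 105, "ref": "main", "source": "api", "user": {"id": 3, "username": "mallory"}},
    {"id": 106, "ref": "release/1.0", "source": "api", "user": {"id": 9, "username": "eve"}},  # not a member
]


def matching_protections(ref, protected_branches):
    """Protection rules whose (possibly wildcard) name matches the pipeline ref."""
    return [pb for pb in protected_branches if fnmatch.fnmatchcase(ref, pb["name"])]


def _rules_permit(rules, user, member_level):
    """True if any rule grants the user directly (user_id) or by role level.
    Group-scoped rules (group_id set) are skipped: simplifying assumption."""
    for rule in rules:
        if rule.get("user_id") is not None:
            if rule["user_id"] == user["id"]:
                return True
            continue
        if rule.get("group_id") is not None:
            continue
        level = rule["access_level"]
        if level != NO_ONE and member_level is not None and member_level >= level:
            return True
    return False


def user_may_run_pipeline(user, member_level, protection):
    """GitLab lets a user run a pipeline on a protected branch only if they
    are allowed to push to it or to merge into it."""
    return (_rules_permit(protection["push_access_levels"], user, member_level)
            or _rules_permit(protection["merge_access_levels"], user, member_level))


def suspicious_pipelines(pipelines, protected_branches, members):
    """Pipelines on a protected ref whose triggering user has neither push nor
    merge rights there. Users absent from `members` never pass the check."""
    level_by_username = {m["username"]: m["access_level"] for m in members}
    findings = []
    for p in pipelines:
        protections = matching_protections(p["ref"], protected_branches)
        if not protections:
            continue  # unprotected branch: out of scope for this CVE's bypass
        user = p["user"]
        member_level = level_by_username.get(user["username"])
        if not any(user_may_run_pipeline(user, member_level, pr) for pr in protections):
            findings.append({
                "pipeline_id": p["id"], "ref": p["ref"], "source": p["source"],
                "username": user["username"],
                "matched_rules": [pr["name"] for pr in protections],
            })
    return findings


if __name__ == "__main__":
    for f in suspicious_pipelines(PIPELINES, PROTECTED_BRANCHES, MEMBERS):
        print(f"pipeline {f['pipeline_id']} on {f['ref']} by {f['username']} "
              f"(source={f['source']}, rules={f['matched_rules']})")
```

Note that bob's pipeline 102 is not flagged even though Developers cannot push to main: the merge rule admits Developers, and merge rights are sufficient to run a pipeline there. On a live instance, pull the three responses with an authenticated client, run the join on a schedule, and alert on any finding; a hit on an unpatched instance is the CVE being used, and a hit on a patched one means a permission model worth reviewing.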