CVE-2024-9623
📋 TL;DR
This vulnerability allows deploy keys to push code to archived GitLab repositories, bypassing intended access controls. It affects GitLab Community Edition (CE) and Enterprise Edition (EE) installations running vulnerable versions. Organizations using deploy keys for automated access to GitLab repositories are primarily impacted.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An attacker with access to a deploy key could inject malicious code into archived repositories, potentially compromising downstream systems if those repositories are later unarchived or referenced.
Likely Case
Accidental or unauthorized pushes to archived repositories, causing repository corruption or unintended code changes that could affect development workflows.
If Mitigated
Minimal impact if proper access controls and monitoring are in place, as archived repositories typically shouldn't receive new commits.
🎯 Exploit Status
Requires access to a deploy key with push permissions. No public exploit code has been released.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.2.9, 17.3.5, 17.4.2 or later
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/459995
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 17.2.9, 17.3.5, 17.4.2 or later using your package manager.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable deploy key push access
Temporarily remove push permissions from all deploy keys until patching is complete
Navigate to Project Settings > Repository > Deploy Keys and disable push access for each key
Archive repository protection
Implement additional access controls on archived repositories
Review and adjust repository access controls for archived projects
🧯 If You Can't Patch
- Review and audit all deploy keys to ensure they have minimal necessary permissions
- Implement monitoring for push attempts to archived repositories
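The workaround and audit items above both come down to the same question: which deploy keys still have push access to archived projects? The following audit helper is an added example, not GitLab's own code; the field names `archived`, `path_with_namespace`, `id`, `title` and `can_push` are from the documented GitLab REST API, and the sample data is constructed so it runs offline.

```python
# Audit helper for CVE-2024-9623 mitigation: list deploy keys that can still
# push to archived projects. Added example, not GitLab's own code. Field names
# come from the GitLab REST API (GET /projects?archived=true and
# GET /projects/:id/deploy_keys); SAMPLE_* data below is constructed.
import json
import urllib.request


def find_pushable_keys_on_archived(projects, fetch_keys):
    """Return (project_path, key_id, key_title) for every deploy key with
    can_push=true on an archived project. fetch_keys(project_id) must return
    that project's deploy-key list in the shape of GET /projects/:id/deploy_keys."""
    findings = []
    for project in projects:
        if not project.get("archived"):
            continue  # the vulnerability only concerns archived projects
        for key in fetch_keys(project["id"]):
            if key.get("can_push"):
                findings.append((project["path_with_namespace"], key["id"], key["title"]))
    return findings


def api_get(base_url, token, path):
    """One GET against a live instance (needs network); caller handles paging."""
    req = urllib.request.Request(f"{base_url}/api/v4{path}", headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample data standing in for the two API responses.
SAMPLE_PROJECTS = [
    {"id": 1, "path_with_namespace": "group/legacy-app", "archived": True},
    {"id": 2, "path_with_namespace": "group/active-app", "archived": False},
    {"id": 3, "path_with_namespace": "group/old-infra", "archived": True},
]
SAMPLE_KEYS = {
    1: [{"id": 10, "title": "ci-deploy", "can_push": True},
        {"id": 11, "title": "read-only-mirror", "can_push": False}],
    2: [{"id": 12, "title": "ci-deploy", "can_push": True}],  # active project: not reported
    3: [{"id": 13, "title": "backup-bot", "can_push": True}],
}

if __name__ == "__main__":
    # Offline run. For a live audit pass api_get(url, token, "/projects?archived=true&per_page=100")
    # as `projects` and lambda pid: api_get(url, token, f"/projects/{pid}/deploy_keys") as `fetch_keys`.
    for path, key_id, title in find_pushable_keys_on_archived(SAMPLE_PROJECTS, lambda pid: SAMPLE_KEYS.get(pid, [])):
        print(f"{path}: deploy key {key_id} ({title}) can still push to an archived project")
```

Each reported key is one to disable under Settings > Repository > Deploy Keys, or to re-check after patching when confirming the fix.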
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the Admin Area or the command line. If the version falls within the affected ranges and deploy keys are in use, the instance is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
After updating, verify the GitLab version is 17.2.9, 17.3.5, 17.4.2 or later. Test that deploy keys can no longer push to archived repositories.
📡 Detection & Monitoring
Log Indicators:
- GitLab audit logs showing push events to archived repositories
- API logs with push operations from deploy keys to archived projects
Network Indicators:
- Git push operations to repository paths containing archived projects
SIEM Query:
source="gitlab" AND (event="push" OR operation="push") AND repository_status="archived"