CVE-2024-9693
📋 TL;DR
This vulnerability in GitLab CE/EE allows unauthorized access to the Kubernetes agent in a cluster under specific configurations. Attackers could potentially gain access to Kubernetes resources managed by GitLab. All GitLab instances using affected versions with Kubernetes agent configurations are impacted.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of Kubernetes clusters managed by GitLab, allowing attackers to deploy malicious pods, exfiltrate sensitive data, or disrupt operations.
Likely Case
Unauthorized access to Kubernetes resources, potentially leading to data exposure or limited cluster manipulation.
If Mitigated
Minimal impact if proper network segmentation and access controls are implemented, limiting exposure to authorized users only.
🎯 Exploit Status
Exploitation requires knowledge of specific vulnerable configurations and access to the GitLab instance.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.3.7, 17.4.4, 17.5.2
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/497449
Restart Required: Yes
Instructions:
1. Back up the GitLab instance.
2. Update to a patched version: 17.3.7, 17.4.4, or 17.5.2.
3. Restart GitLab services.
4. Verify Kubernetes agent functionality.
🔧 Temporary Workarounds
Disable Kubernetes Agent
Linux: temporarily disable the Kubernetes agent feature if it is not required.
gitlab-rails runner "Feature.disable(:kubernetes_agent)"
Restrict Network Access
Linux: limit network access to GitLab Kubernetes agent endpoints using firewall rules.
iptables -A INPUT -p tcp --dport 443 -s trusted_networks -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate GitLab from Kubernetes clusters.
- Review and harden Kubernetes agent configurations to minimize attack surface.
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version with gitlab-rake gitlab:env:info | grep 'GitLab version'. If the version falls within the affected ranges and a Kubernetes agent is configured, the instance is vulnerable.
Check Version:
gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Verify that the GitLab version is at or above the patched release for its minor line: 17.3.7 on the 17.3 line, 17.4.4 on the 17.4 line, or 17.5.2 on the 17.5 line (a higher minor line with a lower patch number, such as 17.4.0, is not covered by 17.3.7). Then test Kubernetes agent functionality to ensure it works properly.
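A scripted form of the version check above, added here as an example and not part of the advisory or GitLab's own tooling. It compares a version string against the three patched releases the advisory lists. Assumptions: a release on the 17.3, 17.4 or 17.5 line with a patch number below the fixed one is reported as vulnerable; any other line is reported as unknown (the advisory does not state the lower bound of the affected range, so those should be checked against the vendor advisory); an edition suffix such as -ee or -ce is stripped before comparison.

```shell
#!/bin/sh
# Added example for CVE-2024-9693 (not from the advisory page).
# Classifies a GitLab version string against the fixed releases the
# advisory lists: 17.3.7, 17.4.4 and 17.5.2.

# Fixed versions, one per minor line: "<major.minor> <fixed patch>"
FIXED_VERSIONS="17.3 7
17.4 4
17.5 2"

# classify_gitlab_version VERSION
# Prints one of: patched | vulnerable | unknown
#   patched    - same minor line as a fixed release and patch >= fixed patch
#   vulnerable - same minor line as a fixed release and patch <  fixed patch
#   unknown    - malformed version, or a line the advisory does not list
#                (assumption: operator consults the vendor advisory for it)
classify_gitlab_version() {
    ver=$1
    # Assumption: strip an edition suffix such as "-ee" so 17.4.3-ee is 17.4.3
    ver=${ver%%-*}
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3)

    # Each component must be a non-empty run of digits, otherwise "unknown"
    for part in "$major" "$minor" "$patch"; do
        case "$part" in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done

    line="$major.$minor"
    result=unknown
    # Heredoc keeps the loop in the current shell so $result survives it
    while read -r fixed_line fixed_patch; do
        if [ "$fixed_line" = "$line" ]; then
            if [ "$patch" -ge "$fixed_patch" ]; then
                result=patched
            else
                result=vulnerable
            fi
        fi
    done <<EOF
$FIXED_VERSIONS
EOF
    echo "$result"
}

# Stand-alone usage: pass the installed version on the command line, e.g.
#   sh check_gitlab_version.sh 17.4.3      -> vulnerable
#   sh check_gitlab_version.sh 17.4.4-ee   -> patched
if [ -n "${1:-}" ]; then
    classify_gitlab_version "$1"
fi
```

The version string can be taken from the output of the gitlab-rake command in the verification step; the script deliberately reports "unknown" rather than "patched" for lines the advisory does not mention, so a 17.2.x or 17.6.x install is never silently treated as safe.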
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Kubernetes agent endpoints in GitLab logs
- Unexpected Kubernetes API calls originating from GitLab
Network Indicators:
- Suspicious traffic between GitLab and Kubernetes clusters on non-standard ports
- Unauthorized connection attempts to Kubernetes agent services
SIEM Query:
source="gitlab" AND ("kubernetes_agent" OR "unauthorized_access")