May 12, 2024

GitLab has released several security updates to address a series of vulnerabilities that could affect code repositories and development workflows. These flaws range from the potential for complete account hijacking to resource-draining denial-of-service attacks.

These vulnerabilities range from medium to high severity, but all carry significant risk. The Bitbucket OAuth flaw highlights the dangers of account linking: attackers often target interconnected services to expand their attack surface. If your organization uses GitLab, upgrading to versions 16.11.1, 16.10.4, or 16.9.6 is mandatory.
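A quick way to triage an estate against the fixed versions named above is to compare each instance's version with the fix for its minor branch. This is an added example for this post, not GitLab's own tooling; the inventory hostnames and versions are constructed, and it assumes that any branch newer than 16.11 (e.g. 16.12.x, 17.x) already ships the fixes while branches older than 16.9 receive none.

```python
# Added example: flag GitLab instances still below the fixed versions from the
# May 2024 advisory (16.11.1, 16.10.4, 16.9.6). Not GitLab's own code.
import re

FIXED_VERSIONS = ("16.11.1", "16.10.4", "16.9.6")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' (optional '-ee'/'-ce' suffix) into an int tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-\w+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_patched(installed: str, fixed=FIXED_VERSIONS) -> bool:
    """True if `installed` is at or above the fix for its minor branch.

    Assumption: a branch newer than every fixed branch (e.g. 16.12.0) carries
    the fixes; a branch older than every fixed branch (e.g. 16.8.x) gets none
    and must be upgraded to a fixed branch.
    """
    major, minor, patch = parse_version(installed)
    branches = {(f[0], f[1]): f[2] for f in map(parse_version, fixed)}
    if (major, minor) in branches:
        return patch >= branches[(major, minor)]
    return (major, minor) > max(branches)


def check_hosts(inventory: dict[str, str]) -> list[str]:
    """Return hostnames from an inventory {host: version} that still need upgrading."""
    return [host for host, ver in inventory.items() if not is_patched(ver)]


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "gitlab-prod.example.internal": "16.10.3-ee",
    "gitlab-dev.example.internal": "16.11.1-ee",
    "gitlab-legacy.example.internal": "16.8.7",
    "gitlab-new.example.internal": "16.12.0",
}

if __name__ == "__main__":
    for host in check_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs upgrading")
```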


The first vulnerability in the list, tracked as CVE-2024-2434 with a CVSS score of 8.5, is a path traversal flaw. Attackers could exploit it to cause denial-of-service (DoS) conditions or read restricted files on affected systems.

The second vulnerability in the list, tracked as CVE-2024-2829 with a CVSS score of 7.5, is a wildcard-based denial of service. Maliciously crafted wildcard filters in GitLab's FileFinder search could lead to resource exhaustion, causing a DoS condition.

The third vulnerability in the list, tracked as CVE-2024-4024 with a CVSS score of 7.3, is an account takeover through Bitbucket OAuth. Under specific circumstances, an attacker with stolen Bitbucket credentials could potentially take over a GitLab account linked to another user's Bitbucket account. If your instance uses Bitbucket as an OAuth provider, users need to re-link their accounts before May 16th to maintain access.


The fourth vulnerability in the list, tracked as CVE-2024-4006 with a CVSS score of 4.3, is an access token scope overreach. Personal Access Token (PAT) scopes were not properly enforced in GraphQL subscriptions, potentially allowing unauthorized actions.

The fifth and final vulnerability in the list, tracked as CVE-2024-1347 with a CVSS score of 4.3, is an email-based restriction bypass. Domain-based restrictions on GitLab instances or groups could be circumvented using specially formatted email addresses.
