GitLab warned today that a critical vulnerability in its GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.
The GitLab DevSecOps platform has over 30 million registered users and is used by over 50% of Fortune 100 companies, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, and UBS.
The flaw patched in today's security update is tracked as CVE-2024-6385, and it received a CVSS base score severity rating of 9.6 out of 10.
It affects all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.
GitLab pipelines are a Continuous Integration/Continuous Deployment (CI/CD) system feature that lets users automatically run processes and tasks in parallel or sequentially to build, test, or deploy code changes.
The company released GitLab Community and Enterprise versions 17.1.2, 17.0.4, and 16.11.6 to address this critical security flaw and advised all admins to upgrade all installations immediately.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," it warned. "GitLab.com and GitLab Dedicated are already running the patched version."
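An added defender-side check, not GitLab's own tooling: it parses the version strings from a constructed instance inventory and flags the ones that fall inside the affected ranges listed above, pointing at the patched release for that line. It assumes each range ends at the patched release (so the upper bound is exclusive) and that versions are reported as MAJOR.MINOR[.PATCH] with an optional -ce/-ee suffix; the host names are made up.

```python
"""Flag self-managed GitLab instances whose version is in one of the
CVE-2024-6385 affected ranges given in the advisory above.

Added example for this article; not GitLab's own code or tooling.
"""
import re
from typing import Optional, Tuple

# (first affected, first patched) per release line, from the advisory text.
# Assumption: the patched release closes each range, so the upper bound
# is exclusive (16.11.6, 17.0.4 and 17.1.2 themselves are fixed).
AFFECTED_RANGES = (
    ((15, 8, 0), (16, 11, 6)),
    ((17, 0, 0), (17, 0, 4)),
    ((17, 1, 0), (17, 1, 2)),
)

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' with an optional 'v' prefix or '-ce'/'-ee' suffix."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(?:ce|ee))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the patched release for this instance's line, or None if the
    version is outside every affected range listed in the advisory."""
    v = parse_version(version)
    for first_affected, first_patched in AFFECTED_RANGES:
        if first_affected <= v < first_patched:
            return ".".join(map(str, first_patched))
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed inventory (hypothetical hosts), e.g. from the /version API or a CMDB.
    inventory = {
        "git.example.test": "16.11.5-ee",
        "ci.example.test": "17.1.2-ce",
        "lab.example.test": "17.0.1",
    }
    for host, ver in inventory.items():
        fix = fixed_version_for(ver)
        print(f"{host:20} {ver:12} {'upgrade to ' + fix if fix else 'not in listed ranges'}")
```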
Account takeover flaw actively exploited in attacks
GitLab patched an almost identical vulnerability (tracked as CVE-2024-5655) in late June, which could also be exploited to run pipelines as other users.
One month earlier, it fixed a high-severity vulnerability (CVE-2024-4835) that allows unauthenticated threat actors to take over accounts in cross-site scripting (XSS) attacks.
As CISA warned in May, threat actors are also actively exploiting another zero-click GitLab vulnerability (CVE-2023-7028) patched in January. This vulnerability allows unauthenticated attackers to hijack accounts via password resets.
While Shadowserver found over 5,300 vulnerable GitLab instances exposed online in January, fewer than half (1,795) are still reachable today.
Attackers target GitLab because it hosts various types of sensitive corporate data, including API keys and proprietary code, so a breach has a significant security impact.
This includes supply chain attacks if the threat actors insert malicious code into CI/CD (Continuous Integration/Continuous Deployment) environments, compromising the breached organization's repositories.