SentinelOne
CVE Vulnerability Database

CVE-2024-5655: GitLab Auth Bypass Vulnerability

CVE-2024-5655 is an authentication bypass flaw in GitLab CE/EE that lets attackers trigger pipelines as other users. This article covers technical details, affected versions from 15.8 onward, impact analysis, and mitigation.

CVE-2024-5655 Overview

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.

Critical Impact

This vulnerability allows unauthorized triggering of pipelines, potentially leading to privilege escalation.

Affected Products

  • GitLab CE 15.8
  • GitLab CE 17.0
  • GitLab CE 17.1

Discovery Timeline

  • 2024-06-27 - CVE-2024-5655 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2024-5655

Vulnerability Analysis

This vulnerability arises from improper access control that allows attackers to trigger GitLab pipelines as different users.

Root Cause

The flaw stems from insufficient user authentication checks when managing pipeline triggers.

Attack Vector

The attack is network-based and exploits improper authorization mechanisms to trigger pipelines as other users.

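```python
# Example exploitation code (sanitized)
import requests

# Placeholder host and token from the example; not a real instance or credential.
url = "https://gitlab-instance.com/api/pipeline/trigger"
data = {
    "token": "attacker-token",
    "ref": "main"
}

# Send the trigger request and print the HTTP status code.
response = requests.post(url, data=data, timeout=10)
print(response.status_code)
```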

Detection Methods for CVE-2024-5655

Indicators of Compromise

  • Unusual pipeline executions
  • Authentication logs showing pipeline triggers by unauthorized users
  • Unusual API requests

Detection Strategies

Implement logging to detect unauthorized pipeline triggers and monitor access logs for anomalous activity on user tokens.

Monitoring Recommendations

Enable detailed logging on GitLab APIs and set up alerts for any unauthorized or suspicious pipeline activity.

How to Mitigate CVE-2024-5655

Immediate Actions Required

  • Revoke all API tokens and re-issue them securely.
  • Restrict pipeline trigger permissions to verified users only.
  • Audit user access rights regularly.

Patch Information

GitLab has released security patches for all affected versions. Users should promptly update to 16.11.5, 17.0.3, or 17.1.1 or later.
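
An added example (not SentinelOne's or GitLab's code): a Python check that classifies GitLab version strings against the affected ranges stated in the overview and reports the first fixed release to upgrade to. The host names and versions in the sample inventory are constructed for illustration.

```python
import re

# Affected ranges as stated in the overview: (first affected, first fixed).
AFFECTED_RANGES = [
    ((15, 8, 0), (16, 11, 5)),
    ((17, 0, 0), (17, 0, 3)),
    ((17, 1, 0), (17, 1, 1)),
]
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse '16.11.4', '16.11.4-ee' or 'v17.0' into (major, minor, patch)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def fixed_release_for(version_text):
    """Return the first fixed release if the version is affected, else None."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(str(part) for part in first_fixed)
    return None


def audit(inventory):
    """Map each host needing attention to (reported version, action)."""
    findings = {}
    for host, version_text in inventory.items():
        try:
            fixed = fixed_release_for(version_text)
        except ValueError:
            fixed = "unparsed, check manually"  # never silently skip a host
        if fixed is not None:
            findings[host] = (version_text, fixed)
    return findings


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "gitlab-prod": "16.11.4-ee",
    "gitlab-dev": "17.1.1",
    "gitlab-lab": "17.0.2",
    "gitlab-old": "unknown",
}

if __name__ == "__main__":
    for host, (version, fixed) in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {version} -> upgrade target {fixed}")
```

Hosts whose version string cannot be parsed are reported rather than dropped, so an inventory gap does not read as a clean result.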

Workarounds

Limit the scope of users allowed to trigger pipelines or disable the feature temporarily if patching is not immediately possible.

```bash
# Configuration example
# Apply configuration changes, then restart GitLab services.
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
