CVE-2024-7091 Overview
An information disclosure vulnerability has been discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1. This vulnerability allows an attacker to disclose limited information from an exported group or project to another user, potentially exposing sensitive project metadata or configuration details that should remain confidential.
Critical Impact
Authenticated attackers can access limited information from exported groups or projects belonging to other users, potentially exposing confidential project data and organizational structure.
Affected Products
- GitLab Community Edition (CE) versions 15.6 to 17.0.4
- GitLab Enterprise Edition (EE) versions 15.6 to 17.0.4
- GitLab CE/EE versions 17.1 to 17.1.2
- GitLab CE/EE version 17.2.0
Discovery Timeline
- 2024-07-24 - CVE-2024-7091 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2024-7091
Vulnerability Analysis
This vulnerability falls under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The flaw exists within GitLab's export functionality for groups and projects. When users export project or group data, the system fails to properly enforce access controls, allowing portions of this exported data to be accessible by unauthorized users.
The vulnerability requires network access and low-privilege authentication to exploit. Because the vulnerability assessment marks the scope as changed, the impact extends beyond the vulnerable component itself, potentially affecting confidentiality across different organizational boundaries within the GitLab instance.
Root Cause
The root cause stems from improper access control validation in GitLab's export feature. When processing export requests or accessing exported data, the application fails to adequately verify that the requesting user has proper authorization to view the exported content. This represents a breakdown in the principle of least privilege, where users can access information beyond their intended scope.
Attack Vector
The attack requires an authenticated user with low-level privileges to exploit the vulnerability over the network. No user interaction is required to successfully exploit this flaw. The exploitation path involves:
- An attacker authenticates to the GitLab instance with valid credentials
- The attacker identifies or triggers an export operation for a group or project
- Due to inadequate access control checks, limited information from another user's exported data becomes accessible
- The attacker extracts confidential information from the exposed export data
The vulnerability does not require special privileges beyond basic GitLab authentication, making it accessible to any authenticated user on affected instances.
Detection Methods for CVE-2024-7091
Indicators of Compromise
- Unusual access patterns to export endpoints from users who don't own the exported resources
- Audit logs showing users accessing exported project or group data they shouldn't have permission to view
- Anomalous API calls to GitLab's export-related endpoints with unexpected user contexts
Detection Strategies
- Monitor GitLab audit logs for export-related activities, particularly focusing on cross-user or cross-project access patterns
- Implement alerting on any export data access attempts where the requesting user differs from the export owner
- Review web server access logs for unusual patterns involving /export/ or similar endpoint paths
Monitoring Recommendations
- Enable verbose audit logging for GitLab export functionality
- Configure SIEM rules to correlate export creation events with subsequent data access events
- Implement real-time monitoring for API calls related to project and group exports
- Regularly review access patterns for exported data to identify potential unauthorized access
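As an added illustration of the detection strategy and SIEM correlation rule above (example code, not from the page or from GitLab itself), the following Ruby script walks constructed log lines shaped like GitLab's production_json.log, records which user requested each project or group export, and flags every download_export request made by a different user or with no observed export request. The field names and the /export, /-/export and download_export route shapes are assumptions.

```ruby
require 'json'

# Constructed sample lines approximating GitLab's production_json.log
# (field names method/path/status/username/remote_ip/time are assumed).
SAMPLE_LOG = <<~LOG
  {"method":"POST","path":"/acme/payments/export","status":302,"username":"alice","remote_ip":"10.0.0.5","time":"2024-07-20T09:00:00Z"}
  {"method":"GET","path":"/acme/payments/download_export","status":200,"username":"alice","remote_ip":"10.0.0.5","time":"2024-07-20T09:05:00Z"}
  {"method":"GET","path":"/acme/payments/download_export","status":200,"username":"mallory","remote_ip":"10.0.0.9","time":"2024-07-20T09:07:00Z"}
  {"method":"GET","path":"/groups/acme/-/download_export","status":200,"username":"bob","remote_ip":"10.0.0.7","time":"2024-07-20T09:10:00Z"}
  {"method":"GET","path":"/acme/payments/issues","status":200,"username":"mallory","remote_ip":"10.0.0.9","time":"2024-07-20T09:11:00Z"}
LOG

# Route shapes assumed for export creation (POST .../export, groups use .../-/export)
# and export download (GET .../download_export); the captured prefix is the project or group path.
EXPORT_CREATE   = %r{\A(?<resource>.+?)/(?:-/)?export\z}
EXPORT_DOWNLOAD = %r{\A(?<resource>.+?)/(?:-/)?download_export\z}

# Walk the log in order, remember who requested each export, and report every
# successful download that was not made by that requester, or that has no
# observed export request at all (for example, the request predates the log window).
def export_findings(log_text)
  requesters = {}   # resource path => username that triggered the export
  findings = []
  log_text.each_line do |line|
    ev = JSON.parse(line)
    next if ev['status'].to_i >= 400   # ignore failed or denied requests
    if ev['method'] == 'POST' && (m = EXPORT_CREATE.match(ev['path']))
      requesters[m[:resource]] = ev['username']
    elsif ev['method'] == 'GET' && (m = EXPORT_DOWNLOAD.match(ev['path']))
      owner = requesters[m[:resource]]
      if owner.nil?
        findings << { resource: m[:resource], user: ev['username'], owner: nil,
                      reason: 'download without an observed export request' }
      elsif owner != ev['username']
        findings << { resource: m[:resource], user: ev['username'], owner: owner,
                      reason: 'download by a user other than the export requester' }
      end
    end
  end
  findings
end

export_findings(SAMPLE_LOG).each do |f|
  puts "#{f[:reason]}: #{f[:resource]} downloaded by #{f[:user]} (requested by #{f[:owner] || 'unknown'})"
end
```

Treat the findings as review candidates rather than confirmed abuse: other maintainers of the same project can legitimately download its export, so each hit should be checked against the downloading user's actual membership.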
How to Mitigate CVE-2024-7091
Immediate Actions Required
- Upgrade GitLab CE/EE to version 17.0.5, 17.1.3, or 17.2.1 or later depending on your current version branch
- Review audit logs for any suspicious export-related activities prior to patching
- Assess whether any sensitive project or group data may have been exposed
- Notify affected users if unauthorized information disclosure is detected
Patch Information
GitLab has released security patches addressing this vulnerability. Organizations should upgrade to the following minimum versions:
- For the 17.0.x branch: upgrade to 17.0.5 or later
- For the 17.1.x branch: upgrade to 17.1.3 or later
- For the 17.2.x branch: upgrade to 17.2.1 or later
Additional details are available in the GitLab Issue Discussion.
Workarounds
- Restrict export functionality to administrators only until patches can be applied
- Implement network-level access controls to limit who can access the GitLab instance
- Review and limit user permissions, especially for users who don't require export capabilities
- Monitor and audit all export operations until the patch is deployed
# Configuration example: temporarily disable project exports (GitLab Rails console)
# Step 1, in a shell on the GitLab host: open the Rails console
gitlab-rails console
# Step 2, inside the console: review the current setting (true means project exports are enabled)
Gitlab::CurrentSettings.current_application_settings.project_export_enabled
# Step 3, optional and requiring admin privileges: disable project exports until the patch is applied.
# Note: this application setting governs project exports only; restore it with
# project_export_enabled: true after upgrading.
# ApplicationSetting.current.update(project_export_enabled: false)
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.