Platform: gitlab
Component: gitlab
Fixed in: 17.2.9, 17.3.5, 17.4.2
CVE-2024-8977 is a Server-Side Request Forgery (SSRF) vulnerability identified in GitLab EE. This flaw allows an attacker to potentially access internal resources or services within the GitLab instance. The vulnerability impacts versions 15.10 through 17.4.2, specifically instances where the Product Analytics Dashboard is configured and enabled. A fix is available in version 17.4.2.
An attacker exploiting CVE-2024-8977 can leverage the Product Analytics Dashboard to initiate SSRF requests. This allows them to bypass security controls and potentially access internal services that are not directly exposed to the internet. Successful exploitation could lead to data exfiltration, unauthorized access to sensitive information, or even the ability to interact with internal systems. The blast radius is limited to the internal network accessible from the GitLab instance, but the potential impact can be significant depending on the services exposed internally. This vulnerability shares similarities with other SSRF exploits where attackers use a trusted application to make requests to unintended destinations.
CVE-2024-8977 was publicly disclosed on 2024-10-10. The vulnerability is not currently listed on the CISA KEV catalog. No public proof-of-concept exploits have been widely reported, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations using GitLab EE with the Product Analytics Dashboard enabled are at risk. This includes teams relying on GitLab for DevOps workflows and those storing sensitive data within the GitLab repository. Specifically, deployments with overly permissive internal network access policies increase the potential impact.
• gitlab / server:
  journalctl -u gitlab-unicorn | grep "Product Analytics Dashboard"
• gitlab / server:
  ps aux | grep "Product Analytics Dashboard"
• gitlab / server:
  curl -I <gitlab_url>/<product_analytics_dashboard_url>
• generic web: Check the GitLab instance configuration for an enabled Product Analytics Dashboard.
Disclosure
Exploit status
EPSS
0.06% (20th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-8977 is to upgrade GitLab EE to version 17.4.2 or later. If an immediate upgrade is not possible, consider disabling the Product Analytics Dashboard to reduce the attack surface. Network segmentation can also limit the potential impact by restricting access from the GitLab instance to sensitive internal resources. Web Application Firewalls (WAFs) configured to detect and block SSRF attempts can provide an additional layer of defense. After upgrading, verify the fix by attempting to access an internal resource through the Product Analytics Dashboard and confirming that the request is denied.
Update GitLab to version 17.2.9, 17.3.5 or 17.4.2, or a later version. This fixes the SSRF vulnerability in the Product Analytics Dashboard configuration. For further information on updating, refer to the GitLab release notes.
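To turn the three fixed versions above into a repeatable check, the following POSIX shell script classifies an installed GitLab EE version as not-affected (below 15.10), vulnerable, or patched (at or above the fixed release of its minor branch, or any later branch). This is an added example, not code from the advisory or from GitLab; the version-string format MAJOR.MINOR.PATCH with an optional "-ee" suffix and the location of the version manifest on Omnibus installs are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): check a GitLab EE version string
# against the CVE-2024-8977 fixed releases 17.2.9, 17.3.5 and 17.4.2.
# Assumes versions look like MAJOR.MINOR.PATCH, optionally suffixed "-ee".

# version_ge A B: succeed when A >= B, comparing the three numeric fields.
version_ge() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}   # a missing field counts as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# cve_2024_8977_status VERSION: prints not-affected | vulnerable | patched.
cve_2024_8977_status() {
    v=$(printf '%s' "$1" | sed 's/-ee$//')
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    # Affected range starts at 15.10; anything older is outside it.
    if ! version_ge "$v" "15.10.0"; then echo "not-affected"; return 0; fi
    # Pick the fixed release for this minor branch; every other affected
    # branch (15.10 .. 17.1, 17.4 and later) is measured against 17.4.2.
    case "$major.$minor" in
        17.2) fixed=17.2.9 ;;
        17.3) fixed=17.3.5 ;;
        *)    fixed=17.4.2 ;;
    esac
    if version_ge "$v" "$fixed"; then echo "patched"; else echo "vulnerable"; fi
}

# Usage: pass a version explicitly, e.g. `sh check.sh 17.4.1`, or run it
# without arguments on an Omnibus host, where the first line of the
# version manifest is assumed to read "gitlab-ee <version>".
if [ -n "$1" ]; then
    cve_2024_8977_status "$1"
elif [ -r /opt/gitlab/version-manifest.txt ]; then
    cve_2024_8977_status "$(head -n 1 /opt/gitlab/version-manifest.txt | awk '{print $2}')"
fi
```

A "patched" result only covers this CVE; the advisory also recommends keeping the Product Analytics Dashboard disabled on instances that cannot be upgraded immediately, which this check does not inspect.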
CVE-2024-8977 is a Server-Side Request Forgery vulnerability in GitLab EE affecting versions 15.10–17.4.2. It allows attackers to potentially access internal resources via the Product Analytics Dashboard.
You are affected if you are running GitLab EE versions 15.10 through 17.4.2 and have the Product Analytics Dashboard enabled.
Upgrade GitLab EE to version 17.4.2 or later. As a temporary workaround, disable the Product Analytics Dashboard.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability suggests potential for exploitation. Monitor security advisories.
Refer to the official GitLab security advisory: [https://gitlab.com/security/advisories/CVE-2024-8977](https://gitlab.com/security/advisories/CVE-2024-8977)