Platform
gitlab
Component
gitlab
Fixed in
17.2.9
17.3.5
17.4.2
CVE-2024-8977 is a Server-Side Request Forgery (SSRF) vulnerability in GitLab EE. It allows an attacker to reach internal resources or services from the GitLab instance. The vulnerability affects versions from 15.10 up to, but not including, the fixed releases (17.2.9, 17.3.5 and 17.4.2), and only on instances where the Product Analytics Dashboard is configured and enabled. A fix is available in version 17.4.2, with backports to 17.2.9 and 17.3.5.
An attacker exploiting CVE-2024-8977 can leverage the Product Analytics Dashboard to initiate SSRF requests. This allows them to bypass security controls and potentially access internal services that are not directly exposed to the internet. Successful exploitation could lead to data exfiltration, unauthorized access to sensitive information, or even the ability to interact with internal systems. The blast radius is limited to the internal network accessible from the GitLab instance, but the potential impact can be significant depending on the services exposed internally. This vulnerability shares similarities with other SSRF exploits where attackers use a trusted application to make requests to unintended destinations.
CVE-2024-8977 was publicly disclosed on 2024-10-10. The vulnerability is not currently listed on the CISA KEV catalog. No public proof-of-concept exploits have been widely reported, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations using GitLab EE with the Product Analytics Dashboard enabled are at risk. This includes teams relying on GitLab for DevOps workflows and those storing sensitive data within the GitLab repository. Specifically, deployments with overly permissive internal network access policies increase the potential impact.
• gitlab / server:
journalctl -u gitlab-unicorn | grep "Product Analytics Dashboard"
• gitlab / server:
ps aux | grep "Product Analytics Dashboard"
• gitlab / server:
curl -I <gitlab_url>/<product_analytics_dashboard_url>
• generic web: Check the GitLab instance configuration for an enabled Product Analytics Dashboard.
disclosure
Exploit Status
EPSS
0.06% (20th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-8977 is to upgrade GitLab EE to version 17.4.2 or later. If an immediate upgrade is not possible, consider disabling the Product Analytics Dashboard to reduce the attack surface. Network segmentation can also limit the potential impact by restricting access from the GitLab instance to sensitive internal resources. Web Application Firewalls (WAFs) configured to detect and block SSRF attempts can provide an additional layer of defense. After upgrading, verify the fix by attempting to access an internal resource through the Product Analytics Dashboard and confirming that the request is denied.
Upgrade GitLab to version 17.2.9, 17.3.5 or 17.4.2, or to a later version. This fixes the SSRF vulnerability in the product analytics dashboard configuration. See the GitLab release notes for detailed upgrade instructions.
CVE-2024-8977 is a Server-Side Request Forgery vulnerability in GitLab EE affecting versions 15.10–17.4.2. It allows attackers to potentially access internal resources via the Product Analytics Dashboard.
You are affected if you are running GitLab EE versions 15.10 through 17.4.2 and have the Product Analytics Dashboard enabled.
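As an added example (not code from this page or from GitLab), the following Ruby check classifies a reported GitLab EE version against the fixed releases listed in the "Fixed in" field. The per-branch mapping it uses (17.2.x fixed in 17.2.9, 17.3.x in 17.3.5, 17.4.x in 17.4.2, 17.5 and later carrying the fix, and branches from 15.10 up to 17.1 without a backport) is an assumption drawn from those three release numbers.

```ruby
# Added example, not code from the page or from GitLab: classify a reported
# GitLab EE version against the fixed releases for CVE-2024-8977.
# Assumed per-branch mapping (taken from the "Fixed in" field): 17.2.x is
# fixed in 17.2.9, 17.3.x in 17.3.5, 17.4.x in 17.4.2; 17.5 and later ship
# the fix; branches from 15.10 up to 17.1 received no backport.
require 'rubygems'

FIRST_AFFECTED = Gem::Version.new('15.10')
FIXED_IN = {
  '17.2' => Gem::Version.new('17.2.9'),
  '17.3' => Gem::Version.new('17.3.5'),
  '17.4' => Gem::Version.new('17.4.2')
}.freeze
FIRST_CLEAN_BRANCH = Gem::Version.new('17.5')

# Returns :not_affected, :affected or :fixed for a version string such as
# "17.3.4" or "17.3.5-ee" (the "-ee" suffix GitLab appends is dropped, since
# Gem::Version would otherwise treat it as a pre-release that sorts lower).
def cve_2024_8977_status(version_string, product_analytics_enabled: true)
  v = Gem::Version.new(version_string.sub(/-.*\z/, ''))
  return :not_affected if v < FIRST_AFFECTED
  # Only instances with the Product Analytics Dashboard enabled are exposed.
  return :not_affected unless product_analytics_enabled

  branch = v.segments[0, 2].join('.')
  fixed = FIXED_IN[branch]
  if fixed.nil?
    # No backport on this branch: 17.5+ already carries the fix,
    # anything from 15.10 up to 17.1 still needs an upgrade.
    return v >= FIRST_CLEAN_BRANCH ? :fixed : :affected
  end
  v >= fixed ? :fixed : :affected
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check.rb 17.3.4 17.4.2-ee
  ARGV.each { |ver| puts "#{ver}: #{cve_2024_8977_status(ver)}" }
end
```

Feed it the version string reported by your instance (for example from the admin area or `gitlab-rake gitlab:env:info`) together with whether the dashboard is enabled, since an instance with the feature disabled is not exposed even on an unpatched release.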
Upgrade GitLab EE to version 17.4.2 or later. As a temporary workaround, disable the Product Analytics Dashboard.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability suggests potential for exploitation. Monitor security advisories.
Refer to the official GitLab security advisory: [https://gitlab.com/security/advisories/CVE-2024-8977](https://gitlab.com/security/advisories/CVE-2024-8977)