GitLab has released a fix for a newly disclosed vulnerability rated 9.6 (critical) on the CVSS scale and is urging every self-managed installation to upgrade immediately.
In its security bulletin, GitLab disclosed that the flaw lets an attacker abuse scan execution policies (scheduled security-scan policies) to run pipelines as another user, so the pipeline executes with that user's permissions rather than the attacker's.
The vulnerability is tracked as CVE-2023-4998 and carries a CVSS score of 9.6. It affects GitLab Community Edition (CE) and Enterprise Edition (EE) from 13.12 up to, but not including, 16.2.7, and from 16.3 up to, but not including, 16.3.4; 16.2.7 and 16.3.4 are the patched releases.
According to BleepingComputer, an attacker could use the flaw to run pipelines as arbitrary users without their knowledge or consent, and through those pipelines read data the victim can access, execute code, modify repositories, or trigger actions in the victim's name. Because GitLab hosts both source code and CI/CD, the publication notes that the consequences could range from intellectual property theft and data breaches to software supply chain compromise.
GitLab has issued a stern advisory, stating, “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.”
The vulnerability is a bypass of an earlier fix that turned out to be incomplete. The previous month GitLab patched CVE-2023-3932, which was classified as a medium-severity issue. Security researcher Johan Carlsson then found a way around that fix, and because the bypass has far greater impact, the new issue was assigned its own CVE and rated 9.6.
For installations running GitLab versions older than 16.2 that cannot upgrade at once, the advisory says to make sure that "Direct transfers" and "Security policies" are not both enabled at the same time, because that combination is what leaves the vulnerable endpoint reachable. Having at most one of the two features enabled is the recommended interim mitigation; it reduces exposure but does not replace the upgrade.
The fix is to upgrade the GitLab instance itself to 16.3.4, or to 16.2.7 on the 16.2 branch; packages and upgrade instructions are available on GitLab's official website. Updating GitLab Runner alone does not address this flaw, which lives in the GitLab application rather than in the runner.
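As an added illustration that is not part of the article or of GitLab's own tooling, the following Python check applies the advisory's two affected ranges and the pre-16.2 configuration caveat to an instance's version. It assumes the version string comes from GitLab's `GET /api/v4/version` endpoint (a real endpoint; the JSON body below is a constructed sample), and that the state of the "Direct transfers" and "Security policies" settings is supplied by the operator, since the page does not describe an API for reading them.

```python
import json
import re
from typing import Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory text above:
# 13.12 <= v < 16.2.7 and 16.3 <= v < 16.3.4 (16.2.7 and 16.3.4 are the fixed releases).
AFFECTED_RANGES = [((13, 12, 0), (16, 2, 7)), ((16, 3, 0), (16, 3, 4))]

# Constructed sample of a GET /api/v4/version response body (field names are real,
# values are made up for this example).
SAMPLE_VERSION_RESPONSE = '{"version": "16.3.3-ee", "revision": "0123abcd"}'


def parse_version(version: str) -> Version:
    """Turn '16.3.3-ee', '16.2' or '16.2.7-pre' into a comparable (major, minor, patch) tuple.

    Edition/pre-release suffixes such as '-ee' or '-pre' are ignored; a missing patch
    component is treated as 0 so that '16.2' compares as 16.2.0.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: str) -> bool:
    """True if the version falls inside either affected range for CVE-2023-4998."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Version:
    """Nearest patched release for an affected version: 16.2.7 below 16.3, 16.3.4 for 16.3.x."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return hi
    raise ValueError(f"{version!r} is not in an affected range")


def assess(version: str, direct_transfers: bool, security_policies: bool) -> str:
    """Classify an instance as 'not affected', 'affected' or 'affected+exposed'.

    'affected+exposed' is returned only for pre-16.2 instances with both 'Direct transfers'
    and 'Security policies' enabled, the configuration the advisory names as leaving the
    endpoint reachable. Every other affected version is reported as 'affected': the page
    gives no configuration workaround for them, only the upgrade.
    """
    if not is_affected(version):
        return "not affected"
    if parse_version(version) < (16, 2, 0) and direct_transfers and security_policies:
        return "affected+exposed"
    return "affected"


def version_from_api_response(body: str) -> str:
    """Extract the version string from a GET /api/v4/version JSON body."""
    return json.loads(body)["version"]


def report(body: str, direct_transfers: bool, security_policies: bool) -> str:
    """One-line verdict for an instance, given its /version body and the two feature flags."""
    version = version_from_api_response(body)
    status = assess(version, direct_transfers, security_policies)
    if status == "not affected":
        return f"{version}: not affected by CVE-2023-4998"
    target = ".".join(str(n) for n in fixed_version_for(version))
    note = ""
    if status == "affected+exposed":
        note = " (disable Direct transfers or Security policies until then)"
    return f"{version}: affected by CVE-2023-4998, upgrade to {target}{note}"


if __name__ == "__main__":
    # Hypothetical operator input: both features enabled on the sample 16.3.3-ee instance.
    print(report(SAMPLE_VERSION_RESPONSE, direct_transfers=True, security_policies=True))
```

The range comparison deliberately uses half-open intervals so that the fixed releases 16.2.7 and 16.3.4 compare as not affected, and versions before 13.12 or from 16.4 onward fall outside both ranges. Suffix handling matters in practice because the API reports strings like `16.3.3-ee`, which a naive string comparison would sort incorrectly.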