An alarming security issue has recently been discovered in GitLab CE/EE (Community Edition and Enterprise Edition), affecting numerous versions of the platform. This vulnerability can give unauthorized users access to a GraphQL endpoint, allowing them to attach malicious runners to projects. This article will go over the critical details of the CVE-2023-2478 vulnerability, including the versions affected, code snippets, and links to original references, so that users are well informed and able to take any necessary precautions.

Affected Versions

All versions starting from 15.11 before 15.11.2

If your platform falls within these ranges, it is highly recommended to update your GitLab instance to a patched version as soon as possible to prevent potential exploitation.
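The following is an added example, not code from the article or from GitLab, that turns the update advice above into a check an administrator can run. It reads the instance version from GitLab's REST endpoint /api/v4/version and compares it against the patch versions the article cites (15.9.7, 15.10.6 and 15.11.2). The 15.11 range is the one the article states as affected; flagging the 15.9 and 15.10 series below their patch level is an assumption drawn from those patch versions, so confirm it against the GitLab advisory for your release.

```python
"""Check whether a GitLab version string is below the CVE-2023-2478 patch level."""
import json
import os
import re
import sys
import urllib.request
from typing import Optional, Tuple

# Patched versions per minor series, taken from the patch release notes cited
# by this article. Assumption: a 15.9 or 15.10 instance below its listed patch
# version still needs the update; the article itself only states the 15.11 range.
PATCHED = {
    (15, 9): (15, 9, 7),
    (15, 10): (15, 10, 6),
    (15, 11): (15, 11, 2),
}

# Accepts "15.11.1" and the "-ee" suffix GitLab appends on Enterprise Edition.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-ee)?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse '15.11.1' or '15.11.1-ee' into (major, minor, patch); None if unparsable."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def needs_update(version: str) -> bool:
    """True when the version sits in a patched series and is below that patch level."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    patched = PATCHED.get(parsed[:2])
    if patched is None:
        # Series not covered by the cited patch notes: this check does not flag it.
        return False
    return parsed < patched


def fetch_version(base_url: str, token: str) -> str:
    """Read the running version from GitLab's /api/v4/version REST endpoint."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["version"]


def main() -> int:
    # With GITLAB_URL and GITLAB_TOKEN set, query the live instance; otherwise
    # run the check over constructed version strings for demonstration.
    base_url, token = os.environ.get("GITLAB_URL"), os.environ.get("GITLAB_TOKEN")
    if base_url and token:
        versions = [fetch_version(base_url, token)]
    else:
        versions = ["15.11.1", "15.11.2", "15.10.5-ee", "15.9.7"]  # constructed samples
    exit_code = 0
    for version in versions:
        flagged = needs_update(version)
        exit_code |= int(flagged)
        print(f"{version}: {'UPDATE REQUIRED' if flagged else 'at or above patch level'}")
    return exit_code


if __name__ == "__main__":
    sys.exit(main())
```

The script exits non-zero when any checked version is below its patch level, so it can sit in a scheduled job that alerts on self-managed instances that have not yet been upgraded.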

Exploit Details

Under certain conditions, this security issue lets an unauthorized GitLab user access a GraphQL endpoint to attach a malicious runner to any project within the platform. GraphQL is a query language and runtime for APIs, allowing clients to request only the data they need while enabling developers to build flexible and efficient APIs. However, with unauthorized access to the GraphQL endpoint, attackers can attach malicious runners, potentially gaining access to sensitive data and tampering with project pipelines.

Below is an example of a typical GraphQL query on GitLab:

query {
  project(fullPath: "example-group/example-project") {
    id
    name
  }
}

When exploited, the attacker may attach a malicious runner to the project through the same GraphQL endpoint:

mutation {
  attachRunnerToProject(input: { runnerId: "MALICIOUS_RUNNER_ID", projectId: "VULNERABLE_PROJECT_ID" }) {
    errors
  }
}

The attacker may use this vulnerability to attach a runner that has not been authorized for deployment within the project, exposing project pipelines and sensitive data to third parties with malicious intent.
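Because the impact described above is an extra runner silently attached to a project, the practical detection is to list the project-scoped runners a project actually has and compare them with the ones you approved. The script below is an added example, not code from the article or from GitLab: it sends a query to the same /api/graphql endpoint discussed above and reports any project-type runner whose id is not on an allowlist. The project.runners field and the CiRunner fields it selects are the ones I expect in GitLab's GraphQL schema, which is an assumption to verify against your instance's schema, and the embedded response is constructed for offline use, not captured from a real instance.

```python
"""Audit the project runners attached to a GitLab project against an approved list."""
import json
import os
import sys
import urllib.request
from typing import Dict, Iterable, List

# Query sent to GitLab's /api/graphql endpoint. Assumption: project.runners and the
# CiRunner fields below exist with these names in the instance's schema.
RUNNER_QUERY = """
query ProjectRunners($path: ID!) {
  project(fullPath: $path) {
    runners {
      nodes { id description runnerType createdAt }
    }
  }
}
"""


def post_graphql(base_url: str, token: str, query: str, variables: Dict) -> Dict:
    """POST a GraphQL document to <base_url>/api/graphql using a personal access token."""
    body = json.dumps({"query": query, "variables": variables}).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/graphql",
        data=body,
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def unexpected_runners(response: Dict, approved_ids: Iterable[str]) -> List[Dict]:
    """Return project-type runner nodes whose id is not in the approved set."""
    approved = set(approved_ids)
    project = (response.get("data") or {}).get("project")
    if project is None:
        raise ValueError("project not found or not visible to this token")
    nodes = ((project.get("runners") or {}).get("nodes")) or []
    # Instance and group runners are inherited, so only project-scoped ones are
    # compared with the allowlist here.
    return [
        node for node in nodes
        if node.get("runnerType") == "PROJECT_TYPE" and node.get("id") not in approved
    ]


# Constructed sample response for offline use; ids and names are made up.
SAMPLE_RESPONSE = {
    "data": {"project": {"runners": {"nodes": [
        {"id": "gid://gitlab/Ci::Runner/11", "description": "build-runner-01",
         "runnerType": "PROJECT_TYPE", "createdAt": "2023-01-10T09:00:00Z"},
        {"id": "gid://gitlab/Ci::Runner/42", "description": "unknown-runner",
         "runnerType": "PROJECT_TYPE", "createdAt": "2023-05-06T02:13:00Z"},
        {"id": "gid://gitlab/Ci::Runner/3", "description": "shared",
         "runnerType": "INSTANCE_TYPE", "createdAt": "2022-08-01T00:00:00Z"},
    ]}}}
}


def main() -> int:
    # Usage: GITLAB_URL=... GITLAB_TOKEN=... python audit.py group/project approved.txt
    # Without those variables the constructed sample response is audited instead.
    base_url, token = os.environ.get("GITLAB_URL"), os.environ.get("GITLAB_TOKEN")
    approved: List[str] = []
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:
            approved = [line.strip() for line in fh if line.strip()]
    if base_url and token and len(sys.argv) > 1:
        response = post_graphql(base_url, token, RUNNER_QUERY, {"path": sys.argv[1]})
    else:
        response, approved = SAMPLE_RESPONSE, ["gid://gitlab/Ci::Runner/11"]
    flagged = unexpected_runners(response, approved)
    for node in flagged:
        print(f"UNAPPROVED runner {node['id']} ({node.get('description')}) "
              f"created {node.get('createdAt')}")
    return 1 if flagged else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it per project from a scheduled job and treat any non-zero exit as an incident signal; the createdAt value of a flagged runner gives a starting point for reviewing pipeline jobs that ran on it.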

References

1. GitLab Security Advisory (Replace 000 with the appropriate issue number when available)
2. CVE-2023-2478 - Mitre.org
3. GitLab Patch Release Notes (Refer to versions 15.9.7, 15.10.6, and 15.11.2 for respective patches)

Mitigation

If your GitLab instance falls within the affected versions, it's essential to take action promptly to protect your platforms against possible exploitation:

Conclusion

The CVE-2023-2478 vulnerability in GitLab CE/EE unveils the alarming reality that the malicious attachment of unauthorized runners is possible through a GraphQL endpoint. It's important for GitLab users to be aware of this security issue, update to a patched version, and remain vigilant by continuously monitoring their platforms for any unauthorized access or suspicious activity.

Timeline

Published on: 05/08/2023 21:15:00 UTC
Last modified on: 05/15/2023 17:04:00 UTC