CVE-2023-6195 - How a Markdown Image Could Let Hackers Reach Your Server in GitLab

GitLab is a popular tool developers use to track, review, and work on code. But sometimes, even the best tools have hidden dangers. In late 2023, security researchers found a scary vulnerability in GitLab. It’s called CVE-2023-6195, and it could let hackers trick GitLab into connecting to pretty much any server—your precious data included. Let’s break this down, step by step.

From 16.11 up to (but not including) 16.11.2

It centers on a classic problem called Server-Side Request Forgery (SSRF). This means someone can trick your GitLab server into visiting or talking to other computers on the Internet or, even worse, inside your own protected network.

How Did This Happen?

It’s all thanks to the way GitLab handles importing repositories from GitHub. When a GitLab user imports a GitHub project, the code converts GitHub-flavored Markdown into a version GitLab understands—including handling images included via Markdown.

Normally, an image in Markdown looks like this

!Alt text

But the import tool didn’t check carefully where those images came from. That let attackers sneak in special image links called “malicious URLs.”

Exploiting CVE-2023-6195: A Simple Proof of Concept

Imagine a bad actor wants to probe your internal network—maybe to find an open database or steal confidential stuff.

When importing a GitHub repository, they add this to a readme

!SSRF Test

Or even sneakier

!Attack

Why is that last example so dangerous? 169.254.169.254 is the IP address used by Amazon AWS for important instance metadata—the stuff that controls cloud servers. If GitLab tries to load this image, it could unknowingly spill cloud secrets to the attacker!

Attacker creates a GitHub repository with a README containing a malicious image link like above.

2. They import this repo into your GitLab (maybe using a Social Engineering trick, or through a malformed support request).
3. During the import, GitLab tries to fetch the image to show a preview. Boom—now it’s contacting an internal or sensitive resource.

Here’s a Python snippet that could listen for these "calls" (if you’re testing on your own network):

from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        print(f"Got a request: {self.path}")
        self.send_response(200)
        self.end_headers()

httpd = HTTPServer(('...', 800), Handler)
print("Listening for SSRF connections on port 800")
httpd.serve_forever()

Now, any attempt by GitLab to load http://localhost:800/secret will show up in your logs.

Want to dig deeper? Check the original sources

- Official GitLab CVE: CVE-2023-6195
- GitLab Security Advisory (March 2024)
- Gitlab Release Blog

More About SSRF Attacks

- OWASP: Server Side Request Forgery

Review Imports: Be careful about importing code—and readmes—from unknown sources.

3. Network Restrictions: Lock down your GitLab instance’s outgoing network access so it can’t hit internal resources.

Final Thoughts

CVE-2023-6195 is a great reminder that even something as innocent as an image in a readme can be used for evil. By keeping your tools up to date and staying alert, you’ll keep your code and your servers where they belong: safe and sound.

Timeline

Published on: 01/31/2025 00:15:08 UTC
Last modified on: 01/31/2025 18:15:34 UTC