On 9 October 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. The flaw allows a remote attacker to run pipelines on arbitrary branches within a repository. A GitLab pipeline is a series of automated jobs that execute in stages to build, test, and deploy code; because the jobs that run are defined by the branch the pipeline is started on, triggering a pipeline on a branch of the attacker's choosing could lead to code execution in the project's CI environment. While the specific methods for exploiting this vulnerability have not been revealed, GitLab's Common Vulnerability Scoring System (CVSS) v3.1 metrics (base score 9.6) rate it as low attack complexity (AC:L) requiring only low privileges (PR:L), that is, an authenticated user.
At the time of writing, Arctic Wolf has not identified active exploitation or a publicly available proof-of-concept exploit for this vulnerability. However, threat actors have a history of targeting GitLab instances. In May 2024, CISA warned about the exploitation of CVE-2023-7028, a zero-click vulnerability in GitLab CE/EE that allowed unauthenticated attackers to hijack accounts by having password reset emails delivered to an unverified, attacker-controlled address. Given the widespread use of GitLab, it is likely that threat actors will attempt to reverse-engineer the patches for CVE-2024-9164 and develop exploits in the future.
Recommendation for CVE-2024-9164
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
Product | Affected Versions | Fixed Version
GitLab EE | 12.5 prior to 17.2.9 | 17.2.9
GitLab EE | 17.3 prior to 17.3.5 | 17.3.5
GitLab EE | 17.4 prior to 17.4.2 | 17.4.2
Note: GitLab Dedicated customers do not need to take any action.
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
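The following is an added example, not code from GitLab or Arctic Wolf, that turns the version table above into a check a practitioner can run against an inventory of self-managed instances. The version boundaries are taken from the table; the `fetch_version` helper calls GitLab's documented `GET /api/v4/version` endpoint, which requires an access token that the API accepts (assumed here to be supplied by the caller), and is not invoked when the module is imported so the rest runs offline.

```python
"""Check GitLab EE version strings against the CVE-2024-9164 fixed versions.

Added example; not GitLab's or Arctic Wolf's code. Version ranges are taken
from the advisory table: 12.5 prior to 17.2.9, 17.3 prior to 17.3.5, and
17.4 prior to 17.4.2.
"""
import json
import re
import urllib.request
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected version, first fixed version) for each affected release line.
# A version is affected when first_affected <= version < first_fixed.
FIXED_VERSIONS = [
    ((12, 5, 0), (17, 2, 9)),  # 12.5 through 17.2.8 -> upgrade to 17.2.9
    ((17, 3, 0), (17, 3, 5)),  # 17.3.0 through 17.3.4 -> upgrade to 17.3.5
    ((17, 4, 0), (17, 4, 2)),  # 17.4.0 through 17.4.1 -> upgrade to 17.4.2
]

# Accepts "17.3.4", "v17.3.4", "17.3" and EE-style strings such as "17.3.4-ee".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+.].*)?$")


def parse_version(text: str) -> Version:
    """Parse a GitLab version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v < fix for lo, fix in FIXED_VERSIONS)


def recommended_fix(version: str) -> Optional[str]:
    """Return the fixed version for the instance's release line, or None if unaffected."""
    v = parse_version(version)
    for lo, fix in FIXED_VERSIONS:
        if lo <= v < fix:
            return ".".join(str(n) for n in fix)
    return None


def fetch_version(base_url: str, token: str, timeout: float = 10.0) -> str:
    """Read the running version from GitLab's GET /api/v4/version endpoint.

    Requires network access and a token the API accepts; not called at import time.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Constructed sample version strings, not readings from any real instance.
    samples = ["16.11.2", "17.2.8-ee", "17.2.9", "17.3.4", "17.3.5",
               "17.4.1-ee", "17.4.2", "12.4.9"]
    for sample in samples:
        fix = recommended_fix(sample)
        status = f"AFFECTED, upgrade to {fix}" if fix else "not affected"
        print(f"{sample:12} {status}")
```

Versions below 12.5 and versions on a release line that already carries the fix (for example 17.2.9 or later 17.2.x) report as not affected, matching the advisory's ranges; GitLab Dedicated instances are outside the scope of this check since GitLab patches them.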