CVE-2024-6678: GitLab Fixes Critical Pipeline Execution Vulnerability

GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. Find Arctic Wolf’s recommendations.

On September 11, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. This flaw allows a remote attacker to trigger a pipeline as an arbitrary user under specific conditions. A GitLab pipeline is a collection of automated processes that run in stages to build, test, and deploy code. Although the exact details for exploiting this vulnerability haven’t been disclosed, GitLab’s Common Vulnerability Scoring System (CVSS) metrics classify it as a low-complexity (AC:L) exploit. 

At this time, Arctic Wolf has not detected active exploitation of this vulnerability or identified a publicly available proof-of-concept (PoC) exploit. However, threat actors have previously targeted GitLab instances. In May 2024, CISA issued a warning about the exploitation of CVE-2023-7028, a zero-click vulnerability in GitLab CE/EE that allowed unauthenticated attackers to hijack accounts via password resets. Given GitLab’s widespread use, threat actors may attempt to reverse-engineer the patches for CVE-2024-6678 and develop exploits in the future. 

Recommendation for CVE-2024-6678

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version. 

Product        Affected Version        Fixed Version
GitLab CE/EE   8.14 prior to 17.1.7    17.1.7
GitLab CE/EE   17.2 prior to 17.2.5    17.2.5
GitLab CE/EE   17.3 prior to 17.3.2    17.3.2


Please follow your organization’s patching and testing guidelines to avoid any operational impact. 
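As an added example that is not part of Arctic Wolf's advisory or GitLab's own tooling, the following Python script encodes the affected and fixed version ranges from the table above and reports, for a given GitLab version string, whether it falls in an affected range and which fixed version to move to. The version strings it runs on are constructed sample input.

```python
"""Check GitLab CE/EE version strings against the CVE-2024-6678 ranges.

Ranges come from the advisory table; version strings below are constructed
sample input, not data from a real instance.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# (first affected, first fixed) for each release branch, from the table.
AFFECTED_RANGES = [
    ((8, 14), (17, 1, 7)),
    ((17, 2), (17, 2, 5)),
    ((17, 3), (17, 3, 2)),
]


def parse_version(text: str) -> Version:
    """Parse '17.2.4' or '17.2.4-ee' into a comparable tuple of ints."""
    core = text.strip().split("-", 1)[0]  # drop edition suffixes such as -ee
    return tuple(int(p) for p in core.split("."))


def fixed_version_for(text: str) -> Optional[str]:
    """Return the version to upgrade to, or None if not affected.

    A version is affected when it lies in one of the half-open intervals
    [first affected, first fixed). Tuple comparison gives the right order,
    e.g. (17, 2) <= (17, 2, 4) < (17, 2, 5).
    """
    v = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def report(versions: List[str]) -> List[Tuple[str, str]]:
    """Map each version string to a status line for a patching report."""
    out = []
    for ver in versions:
        fix = fixed_version_for(ver)
        out.append((ver, f"upgrade to {fix}" if fix else "not affected"))
    return out


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real deployment.
    for ver, status in report(["16.11.5", "17.1.6-ee", "17.1.7", "17.2.4", "17.3.2"]):
        print(f"{ver:>10}: {status}")
```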
