CVE-2020-10077
Description
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GitLab EE 3.0–12.8.1 vulnerable to SSRF via a deprecated service, enabling internal network probing.
Vulnerability
GitLab EE versions 3.0 through 12.8.1 contain a server-side request forgery (SSRF) vulnerability. An internal investigation revealed that a particular deprecated service was creating a request forgery risk [1]. The vulnerability allows an attacker to craft requests that cause the server to make unintended requests to internal or external systems.
Exploitation
An attacker can exploit this SSRF by sending specially crafted requests to the GitLab instance that leverage the deprecated service. No authentication is required, but the attacker must be able to interact with the GitLab EE instance over the network. The exact attack vector involves triggering the deprecated service to initiate requests to arbitrary destinations.
Impact
Successful exploitation allows an attacker to probe internal network resources, including services not directly accessible from the internet. This can lead to information disclosure, such as internal IP addresses, service banners, or sensitive data, and may serve as a stepping stone for further attacks.
Mitigation
GitLab has addressed this vulnerability in version 12.8.2, released on March 4, 2020 [1]. Users running GitLab EE 12.8.1 or earlier should upgrade to 12.8.2 or later. There are no known workarounds for unpatched versions.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GitLab/GitLab EE
- Range: >=3.0, <12.8.2
Patches
No patches discovered yet.
References
- about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ (mitre, x_refsource_MISC)
- about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html (mitre, x_refsource_CONFIRM)