CVE-2024-9773 in Enterprise Edition
Summary
by MITRE • 03/27/2025
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.
Analysis
by VulDB Data Team • 08/13/2025
The vulnerability identified as CVE-2024-9773 represents a critical input validation flaw within GitLab Enterprise Edition's Harbor registry integration functionality. This security weakness affects a broad range of GitLab versions including those from 14.9 through 17.8.5, 17.9 through 17.8.2, and 17.10 through 17.10.0, creating an extensive attack surface for potential exploitation. The flaw specifically resides in how the system processes and validates user inputs when displaying CLI commands within the web interface, creating a pathway for malicious actors to inject harmful code into the displayed output.
The technical nature of this vulnerability stems from inadequate sanitization of input parameters within the Harbor registry integration module. When maintainers configure or interact with Harbor registry settings through the GitLab UI, the system fails to properly validate and escape user-provided data before rendering CLI command examples. This oversight allows an authenticated maintainer to craft input field values so that malicious code becomes embedded within the displayed CLI commands. The vulnerability is therefore an injection into rendered UI content rather than a flaw in GitLab's own command execution: the harm occurs when another user copies the tampered command into a terminal and runs it, at which point the injected portion executes with that user's privileges and can run arbitrary commands or expose sensitive information on that user's machine.
The operational impact of CVE-2024-9773 extends beyond simple code injection, as it fundamentally compromises the trust model of GitLab's registry integration functionality. A malicious maintainer could potentially insert backdoors, data exfiltration scripts, or other harmful payloads into the CLI command examples that other users might execute, creating a supply chain attack vector. The implications are particularly severe in environments where multiple team members rely on the displayed CLI commands for registry operations, as any user who executes these commands would unknowingly trigger the malicious code. This vulnerability also undermines the principle of least privilege, as it allows a single maintainer role to compromise the entire registry integration experience for all users.
Mitigation strategies for CVE-2024-9773 should prioritize immediate patching of affected GitLab instances to the fixed releases listed in the summary above or later. Organizations should implement additional monitoring of registry integration activities and user access patterns to detect anomalous behavior that might indicate exploitation attempts; changes to Harbor integration settings are a natural audit point, since the attack requires a maintainer to alter them. The recommended approach includes enabling strict input validation and output encoding for all user-provided data within the registry integration UI components. Security teams should also consider implementing network segmentation and access controls to limit the scope of potential damage from compromised maintainer accounts. This vulnerability aligns with CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. cross-site scripting), and potentially maps to ATT&CK technique T1059.001 (a sub-technique of T1059, Command and Scripting Interpreter), representing a critical pathway for privilege escalation and persistent access within containerized environments that rely on Harbor registry integration.
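To make the input-validation point concrete, the following added example (not GitLab's own code) shows the pattern described in the technical analysis and the mitigation paragraph: a web UI that builds a `docker pull` command for display from integration settings a maintainer can edit. The command format, the field names (`harbor_url`, `project`, `image`, `tag`) and the validation grammar are assumptions made for this example; the vulnerable version interpolates settings verbatim, the hardened version validates each field and shell-quotes the result.

```ruby
# Added example, not GitLab's code: building a registry pull command for display
# in a web UI from integration settings a maintainer can edit. The command
# format and field names are assumptions for the example.
require 'shellwords'
require 'uri'

# Vulnerable pattern: settings are interpolated straight into the command text,
# so shell metacharacters typed into the URL field end up in the command that
# other users are expected to copy and run.
def pull_command_unsafe(harbor_url, project, image, tag)
  host = harbor_url.sub(%r{\Ahttps?://}, '')
  "docker pull #{host}/#{project}/#{image}:#{tag}"
end

# Hardened pattern: each field is validated against the narrow grammar it must
# have (hostname with optional port, repository path component, tag) and the
# assembled reference is shell-quoted before it is rendered.
HOSTNAME_RE  = /\A[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*(:\d{1,5})?\z/i
COMPONENT_RE = /\A[a-z0-9]+([._-][a-z0-9]+)*\z/
TAG_RE       = /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}\z/

class InvalidRegistryInput < StandardError; end

# Reduce the configured URL to "host" or "host:port" and reject anything else.
def registry_host(harbor_url)
  uri = URI.parse(harbor_url)
  raise InvalidRegistryInput, 'URL must be http(s)' unless uri.is_a?(URI::HTTP)
  host = uri.port == uri.default_port ? uri.host : "#{uri.host}:#{uri.port}"
  raise InvalidRegistryInput, "bad host: #{host.inspect}" unless HOSTNAME_RE.match?(host.to_s)
  host
rescue URI::InvalidURIError
  raise InvalidRegistryInput, 'URL is not parseable'
end

def pull_command_safe(harbor_url, project, image, tag)
  host = registry_host(harbor_url)
  [project, image].each do |part|
    raise InvalidRegistryInput, "bad path component: #{part.inspect}" unless COMPONENT_RE.match?(part)
  end
  raise InvalidRegistryInput, "bad tag: #{tag.inspect}" unless TAG_RE.match?(tag)
  # After validation nothing needs quoting; escaping is defence in depth so the
  # rendered reference can only ever be a single shell word.
  "docker pull #{Shellwords.escape("#{host}/#{project}/#{image}:#{tag}")}"
end

# Constructed malicious setting: a URL field carrying a trailing shell command.
INJECTED_URL = 'https://harbor.example.com; echo injected'
```

With the constructed setting, `pull_command_unsafe` renders `docker pull harbor.example.com; echo injected/team-a/web:1.2.3`, which a shell would run as two commands, while `pull_command_safe` raises `InvalidRegistryInput` before anything is displayed.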