PR for 001 (#1038)

commit-001

docs/advisories/20241014001-GitLab-CI-CD-Pipeline-Vulnerability.md

@@ -0,0 +1,25 @@
+# GitLab CI/CD pipeline Vulnerability - 20241014001
+
+## Overview
+
+The WA SOC has been made aware of a vulnerability affecting GitLab. This vulnerability allows unauthorised users to trigger Continuous Integration/Continuous Delivery (CI/CD) pipelines on any branch of a repository. An attacker capable of bypassing branch protections could potentially perform code execution or gain access to sensitive information.
+
+## What is vulnerable?
+
+| Product(s) Affected                                              | Version(s)                                              | CVE                                                             | CVSS | Severity     |
+| -----------------------------------------------------------------| --------------------------------------------------------| --------------------------------------------------------------- | ---- | ------------ |
+| GitLab Enterprise Edition (EE)| 12.5 \< 17.2.9 <br> 17.3 \< 17.3.5 <br> 17.4 \< 17.4.2  | [CVE-2024-9164](https://nvd.nist.gov/vuln/detail/CVE-2024-9164) | 9.6  | **Critical** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md))
+- GitLab: <https://github.com/advisories/GHSA-xc4q-wvjc-4v56>
+
+## Additional References
+
+- Bleeping Computer: <https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-arbitrary-branch-pipeline-execution-flaw/>
+- The Register: <https://www.theregister.com/2024/10/12/russia_is_targeting_you_for/>