CVE-2024-1347 is an authentication bypass vulnerability identified in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting multiple versions prior to 16.9.6, versions starting from 16.10 up to but not including 16.10.4, and versions starting from 16.11 up to but not including 16.11.1. The vulnerability is classified under CWE-290, which pertains to authentication bypass by spoofing. The core issue arises from improper validation of email addresses used in domain-based restrictions within GitLab instances or groups. An attacker can craft a malicious email address that bypasses these domain restrictions, potentially allowing unauthorized access to resources or actions that should be limited to specific domains. The vulnerability does not require user interaction and can be exploited remotely over the network with low attack complexity, but it does require some level of privileges (PR:L) on the system. The CVSS v3.1 base score is 4.3, indicating a medium severity level, with the impact primarily on integrity (I:L) and no direct impact on confidentiality or availability. There are no known exploits in the wild at the time of publication, and no official patch links were provided in the data, though it is expected that GitLab will release or has released patches addressing this issue. This vulnerability could allow attackers to perform unauthorized actions by circumventing domain-based access controls, potentially leading to privilege escalation or unauthorized modifications within GitLab projects or groups.

For European organizations, especially those relying heavily on GitLab for source code management, CI/CD pipelines, and collaboration, this vulnerability poses a risk of unauthorized access and modification of code repositories or project settings. The bypass of domain-based restrictions could allow attackers to impersonate trusted users or domains, undermining internal security policies that rely on domain whitelisting. This could lead to integrity compromises such as unauthorized code changes, insertion of malicious code, or disruption of development workflows. Organizations in regulated sectors (finance, healthcare, critical infrastructure) could face compliance issues if unauthorized changes go undetected. While the vulnerability does not directly impact confidentiality or availability, the integrity impact could have downstream effects on software supply chain security, potentially introducing vulnerabilities or backdoors into production software. The medium severity suggests that while the risk is not critical, it should be addressed promptly to prevent exploitation, especially in environments with sensitive or critical codebases.

European organizations should immediately verify their GitLab versions and upgrade to the fixed versions (16.9.6 or later, 16.10.4 or later, 16.11.1 or later) as soon as official patches are available. Until patches are applied, organizations should audit and tighten domain-based restrictions and access controls in GitLab, ensuring that only trusted domains and users have access. Implement additional multi-factor authentication (MFA) and monitor GitLab logs for suspicious authentication attempts or unusual email address patterns that could indicate exploitation attempts. Employ network segmentation and restrict GitLab access to trusted internal networks or VPNs to reduce exposure. Regularly review user and group permissions to minimize privilege levels and remove inactive or unnecessary accounts. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting email spoofing or authentication bypass attempts. Finally, maintain an incident response plan tailored to source code repository compromises to quickly respond to any detected exploitation.