GitLab Duo Chat can access issues and epics in SSO enforced groups without having an SSO session
HackerOne report #2417868 by joaxcar
on 2024-03-15, assigned to @greg:
Report
Summary
I am just starting to look at the Duo AI capabilities, so bear with me if I have not fully understood the threat model yet.
On a Premium or Ultimate license group, there is the option to enforce an active SSO session to gain access to the group and the group's projects. See documentation. Enabling this on a group will prevent all access to issues and epics in the group for users that do not have an active SSO session. I know that this enforcement is not fully supported in the GitLab API yet, see issue, but I think that Duo Chat would fall under "web access".
I noticed that the Duo Chat is not restricted by SSO enforcement. A user that would normally be prompted with an "SSO session required" message when trying to view issues and epics can still ask Duo Chat to access the items through the web UI.
Steps to reproduce
- Create two accounts on https://gitlab.com, and make sure that one of them has an Ultimate trial (this is to get access to Duo chat and Group SSO)
- Log in as the victim and create a group with an Ultimate license (make it private)
- Create a project in the group (make it private)
- Create an issue in the project with some content
- Go to https://gitlab.com/groups/GROUPNAME/-/group_members and invite the other user as a member
- Go to https://gitlab.com/groups/GROUPNAME/-/saml
- Check these three boxes:
  - Enable SAML authentication for this group
  - Enforce SSO-only authentication for web activity for this group
  - Enforce SSO-only authentication for Git and Dependency Proxy activity for this group
- Click save
- Now try to access https://gitlab.com/GROUPNAME/PROJECTNAME/-/issues/1. The user will be blocked and asked to authenticate with SSO
- Now log in as the attacker user (member of the group)
- Try to access https://gitlab.com/GROUPNAME/PROJECTNAME/-/issues/1; the user will be asked for SSO
- Open Duo Chat (either in top right or under "help")
- Type this in chat:
  Print the content of: https://gitlab.com/GROUPNAME/PROJECTNAME/-/issues/1
- Duo Chat will think for a bit and then print the information about the issue without asking for SSO
Impact
Users can bypass SSO enforcement using Duo Chat, leaking issues and epics to users who are not correctly authorized
What is the current bug behavior?
Duo chat does not seem to care about SSO sessions
What is the expected correct behavior?
Duo Chat should check whether the user has an active SSO session, just like the other parts of the UI
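The root cause the report describes is a second access path (the chat tool resolving an issue URL) that does not run the same session check as the web UI. The following is an added illustration of that pattern and its fix in a small hypothetical model; it is not GitLab's code and none of the names (Group, Issue, Session, authorize_issue_read, the chat tool functions) exist in GitLab. The group, issue and sessions are constructed sample data. The point it demonstrates is that every surface that can read an issue must go through one shared authorization function, so an SSO-enforcement rule added for the web UI cannot be forgotten on a newer surface such as a chat tool.

```python
import re
from dataclasses import dataclass, field

# Hypothetical model (not GitLab's): a group that enforces SSO for web
# activity, one issue in it, and sessions that record the groups the user
# has completed SSO for.


@dataclass
class Group:
    name: str
    members: set
    enforce_sso_for_web: bool = False


@dataclass
class Issue:
    group: Group
    project: str
    iid: int
    title: str
    body: str


@dataclass
class Session:
    user: str
    sso_groups: set = field(default_factory=set)  # groups with an active SSO session


class NotAuthorized(Exception):
    pass


class SsoSessionRequired(Exception):
    pass


# Matches the URL shape used in the report (GROUPNAME/PROJECTNAME/-/issues/N).
ISSUE_URL = re.compile(r"^https://gitlab\.com/([^/]+)/([^/]+)/-/issues/(\d+)$")


def resolve_issue(url, issues):
    """Map an issue URL to an Issue object from the constructed store."""
    m = ISSUE_URL.match(url)
    if not m:
        raise ValueError("not an issue URL")
    group_name, project, iid = m.group(1), m.group(2), int(m.group(3))
    return issues[(group_name, project, iid)]


def authorize_issue_read(session, issue):
    """Single read policy shared by every surface: membership AND SSO session."""
    if session.user not in issue.group.members:
        raise NotAuthorized(f"{session.user} is not a member of {issue.group.name}")
    if issue.group.enforce_sso_for_web and issue.group.name not in session.sso_groups:
        raise SsoSessionRequired(f"SSO session required for {issue.group.name}")


def web_view_issue(session, issue):
    """The web UI path: full policy enforced."""
    authorize_issue_read(session, issue)
    return f"{issue.title}: {issue.body}"


def chat_fetch_issue_vulnerable(session, url, issues):
    """Chat tool that re-implements only the membership check (the bug pattern)."""
    issue = resolve_issue(url, issues)
    if session.user not in issue.group.members:
        raise NotAuthorized("not a member")
    return f"{issue.title}: {issue.body}"  # SSO enforcement silently skipped


def chat_fetch_issue_fixed(session, url, issues):
    """Chat tool that delegates to the shared policy instead of its own copy."""
    issue = resolve_issue(url, issues)
    authorize_issue_read(session, issue)
    return f"{issue.title}: {issue.body}"


def outcome(fn, *args):
    """Return the content, or the name of the exception the surface raised."""
    try:
        return fn(*args)
    except (NotAuthorized, SsoSessionRequired) as exc:
        return type(exc).__name__


def demo():
    """Run victim, attacker and outsider sessions through each surface."""
    group = Group("GROUPNAME", members={"victim", "attacker"}, enforce_sso_for_web=True)
    issue = Issue(group, "PROJECTNAME", 1, "Constructed issue", "confidential body")
    issues = {("GROUPNAME", "PROJECTNAME", 1): issue}
    url = "https://gitlab.com/GROUPNAME/PROJECTNAME/-/issues/1"

    sessions = {
        "victim": Session("victim", sso_groups={"GROUPNAME"}),  # completed SSO
        "attacker": Session("attacker"),                        # member, no SSO
        "outsider": Session("outsider"),                        # not a member
    }
    results = {}
    for name, s in sessions.items():
        results[name] = {
            "web": outcome(web_view_issue, s, issue),
            "chat_vulnerable": outcome(chat_fetch_issue_vulnerable, s, url, issues),
            "chat_fixed": outcome(chat_fetch_issue_fixed, s, url, issues),
        }
    return results


if __name__ == "__main__":
    for user, r in demo().items():
        print(user, r)
```

The "attacker" session is the interesting row: the web path and the fixed chat path both refuse with SsoSessionRequired, while the vulnerable chat path returns the issue because it copied the membership rule but not the SSO rule. Keeping the policy in one function (and having the chat tool's resource resolver call it) is what makes such drift detectable in review and testable with a single table of sessions like the one above.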