GitLab Legacy PAT
Service Name: GitLab
Service Description: GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration/continuous deployment pipeline features.
Service Address: https://gitlab.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to GitLab resources based on the token's permissions, including repositories, projects, issues, and CI/CD pipelines.
Secret Revokement URL: https://gitlab.com/-/profile/personal_access_tokens
Secret Example: glpat-ABCDefGHijkLMnopQRSTuvwx
Suspicious Activity Investigation Instructions:
- Check GitLab audit logs for unusual activity associated with the token
- Review project access history for unauthorized changes or access
- Examine CI/CD pipeline runs for unexpected or unauthorized jobs
- Look for repository clones or downloads from unfamiliar IP addresses
- Monitor for creation of new webhooks or integrations
Mitigation Instructions:
- Immediately revoke the compromised token by navigating to GitLab user settings
- Go to User Settings > Access Tokens
- Find the compromised token and click "Revoke"
- Create a new token with appropriate scopes if needed
- Review project permissions and access levels
- Check for any unauthorized changes to repositories or settings
- Enable two-factor authentication if not already enabled