Pressing: GitLab Patches Crucial Flaw Permitting Unauthorized Pipeline Job Execution

Sep 12, 2024Ravie LakshmananDevSecOps / Vulnerability

GitLab on Wednesday launched safety updates to handle 17 safety vulnerabilities, together with a important flaw that enables an attacker to run pipeline jobs as an arbitrary consumer.

The difficulty, tracked as CVE-2024-6678, carries a CVSS rating of 9.9 out of a most of 10.0

“An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances,” the corporate mentioned in an alert.

The vulnerability, together with three high-severity, 11 medium-severity, and two low-severity bugs, have been addressed in variations 17.3.2, 17.2.5, 17.1.7 for GitLab Group Version (CE) and Enterprise Version (EE).

Cybersecurity

It is value noting that CVE-2024-6678 is the fourth such flaw that GitLab has patched over the previous yr after CVE-2023-5009 (CVSS rating: 9.6), CVE-2024-5655 (CVSS rating: 9.6), and CVE-2024-6385 (CVSS rating: 9.6).

Whereas there isn’t any proof of lively exploitation of the failings, customers are really useful to use the patches as quickly as potential to mitigate in opposition to potential threats.

Earlier this Could, U.S. Cybersecurity and Infrastructure Safety Company (CISA) revealed {that a} important GitLab vulnerability (CVE-2023-7028, CVSS rating: 10.0) had come underneath lively exploitation within the wild.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.

Recent articles

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Dec 18, 2024Ravie LakshmananKnowledge Breach / Privateness Meta Platforms, the...