The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab’s Community and Enterprise editions, confirming it is very much under “active exploit.” When CISA adds a vulnerability to its Known Exploited Vulnerabilities (KEV) list, it means all federal civilian executive branch (FCEB) agencies usually have a maximum of 21 days to fix the issue to prevent harmful attacks on the government.

Source: The Register