Over a dozen GitLab vulnerabilities addressed

The most severe of the addressed flaws is a critical bug in GitLab CE/EE versions newer than 15.8, 17.0, and 17.1, tracked as CVE-2024-5655, which could be leveraged to trigger automated execution of a pipeline when a merge request is automatically re-targeted, according to GitLab; the company noted that it has seen no active exploitation of the issue so far. Three high-severity flaws were also remediated in the updates: an improper authorization issue in search, tracked as CVE-2024-6323; a cross-site request forgery bug, tracked as CVE-2024-4994; and a cross-site scripting vulnerability, tracked as CVE-2024-4901.

Source: SC Magazine