GitLab patches bug that could expose a CI/CD pipeline to supply chain attack

13 September 2024

GitLab patched 17 bugs, including a critical flaw with a CVSS score of 9.9 that could let an attacker trigger a pipeline as an arbitrary user, leading to privileged escalation, data exfiltration, and a software supply chain compromise. Security pros consider flaws in a CI/CD pipeline serious because the pipeline just doesn’t automate how developers create, test, and deploy applications, it helps teams find bugs early in the development process, which helps them turn out higher quality software.

Source: SC Magazine

Date:

13 September 2024

Categorie(s):

NEWS

Tag(s):

CI/CD, GitLab, Open Source, Open Source Hosting, Open Source Software

Harnessing the Power of Data and AI – Sivan Tehila – FS #15 November 2024
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years5 November 2024
Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches5 November 2024
Amazon Inspector suppression rules best practices for AWS Organizations5 November 2024
Building Cybersecurity Resilience: Strategies, Technologies, and Best Practices from Industry Leaders5 November 2024