GitLab urges users to install security updates for critical pipeline flaw (Security News, September 2023)
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
The flaw was assigned CVE-2023-4998 and impacts GitLab Community Edition and Enterprise Edition versions 13.12 through 16.2.7 and versions 16.3 through 16.3.4.
The issue was discovered by security researcher and bug hunter Johan Carlsson; GitLab said it is a bypass of a medium-severity problem tracked as CVE-2023-3932 that was fixed in August.
Impersonating users without their knowledge or permission to run pipeline tasks could result in the attackers accessing sensitive information or abusing the impersonated user's permissions to run code, modify data, or trigger specific events within the GitLab system.
GitLab's bulletin underlines the severity of the vulnerability, urging users to apply the available security updates promptly.
Users can update GitLab from here or obtain GitLab Runner packages from this official webpage.
Related Vulnerability
| Date | CVE | Vulnerability title | Risk (CVSS score) |
|---|---|---|---|
| 2023-08-03 | CVE-2023-3932 | Unspecified vulnerability in GitLab: an issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2. | 6.5 |