Security News > 2023 > September > GitLab Releases Urgent Security Patches for Critical Vulnerability
2023-09-20 07:18
GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled
News URL
https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html
Related news
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals (source)
- ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows (source)
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)
- GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-19 | CVE-2023-5009 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. | 9.8 |