GitLab Releases Urgent Security Patches for Critical Vulnerability
2023-09-20 07:18
GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled
News URL
https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html
Related news
- GitLab warns of critical pipeline execution vulnerability (source)
- Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) (source)
- Download: CIS Critical Security Controls v8.1 (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-19 | CVE-2023-5009 | Unspecified vulnerability in GitLab. An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. | 9.8 |