GitLab Releases Urgent Security Patches for Critical Vulnerability

2023-09-20 07:18
GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled
News URL
https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-09-19 | CVE-2023-5009 | Unspecified vulnerability in GitLab. An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. | 9.8