Security News > 2024 > July > GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user.

"An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to 17.0.4, and 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances," the company said in a Wednesday advisory.

All the security shortcomings have been fixed in GitLab Community Edition and Enterprise Edition versions 17.1.2, 17.0.4, and 16.11.6.

The disclosure comes as Citrix released updates for a critical, improper authentication flaw impacting NetScaler Console, NetScaler SDX, and NetScaler Agent that could result in information disclosure.

Patches have also also released by Broadcom for two medium-severity injection vulnerabilities in VMware Cloud Director and VMware Aria Automation that could be abused to execute malicious code using specially crafted HTML tags and SQL queries, respectively.

"OS command injection vulnerabilities have long been preventable by clearly separating user input from the contents of a command," the agencies said.

News URL

https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html