GitLab warns of critical pipeline execution vulnerability
2024-09-12 14:50
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...]
Related news
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) (source)
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- GitLab releases fix for critical SAML authentication bypass flaw (source)
- GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-12 | CVE-2024-6678 | Authentication Bypass by Spoofing vulnerability in GitLab: An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. | 8.8 |