Security News > 2024 > September > GitLab warns of critical pipeline execution vulnerability

GitLab warns of critical pipeline execution vulnerability

2024-09-12 14:50

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...]

News URL

https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/

#critical #gitlab #vulnerability #CVE-2024-6678

Related news

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-12	CVE-2024-6678	Authentication Bypass by Spoofing vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. network low complexity gitlab CWE-290	8.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Gitlab		10	47	739	246	58	1090

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.