Security News > 2024 > September > GitLab warns of critical pipeline execution vulnerability
2024-09-12 14:50
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...]
News URL
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-6678 | Authentication Bypass by Spoofing vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. | 8.8 |