Security News > 2024 > September > GitLab warns of critical pipeline execution vulnerability

GitLab warns of critical pipeline execution vulnerability

2024-09-12 14:50

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...]

News URL

https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/

#critical #gitlab #vulnerability #CVE-2024-6678

Related news

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-12	CVE-2024-6678	Authentication Bypass by Spoofing vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. network low complexity gitlab CWE-290	8.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Gitlab		10	47	736	246	58	1087

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.