Security News > 2024 > September > GitLab warns of critical pipeline execution vulnerability

GitLab warns of critical pipeline execution vulnerability

2024-09-12 14:50

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...]

News URL

https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/

#critical #gitlab #vulnerability #CVE-2024-6678

Related news

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
Critical PHP RCE vulnerability mass exploited in new attacks (source)
GitLab patches critical authentication bypass vulnerabilities (source)
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-12	CVE-2024-6678	Authentication Bypass by Spoofing vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. network low complexity gitlab CWE-290	8.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Gitlab		10	47	739	246	58	1090

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.