Security News > 2024 > September > Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
2024-09-12 15:55

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to


News URL

https://thehackernews.com/2024/09/urgent-gitlab-patches-critical-flaw.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-6678 Authentication Bypass by Spoofing vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.
network
low complexity
gitlab CWE-290
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 47 736 246 58 1087