Security News

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
2024-10-11 06:29

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous...

GitLab warns of critical arbitrary branch pipeline execution flaw
2024-10-10 15:12

GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. [...]

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
2024-10-09 12:32

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an...

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
2024-09-19 05:07

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in...

GitLab releases fix for critical SAML authentication bypass flaw
2024-09-18 18:37

GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition...

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
2024-09-12 15:55

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue,...

GitLab warns of critical pipeline execution vulnerability
2024-09-12 14:50

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain...

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
2024-08-07 03:00

The ability to integrate security into development processes has given rise to DevSecOps, where development and operations teams work together with security teams and all their processes converge. Incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year.

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
2024-07-11 03:51

GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. "An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to 17.0.4, and 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances," the company said in a Wednesday advisory.

GitLab: Critical bug lets attackers run pipelines as other users
2024-07-10 20:08

GitLab warned today that a critical vulnerability in its GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.