Security News

GitLab urges users to install security updates for critical pipeline flaw
2023-09-19 17:06

GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies. The flaw was assigned CVE-2023-4998 and impacts GitLab Community Edition and Enterprise Edition versions 13.12 through 16.2.7 and versions 16.3 through 16.3.4.

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
2023-08-17 14:26

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. Proxyjacking allows the attacker to rent the compromised host out to a proxy network, making it possible to monetize the unused bandwidth.

GitLab announces AI-DevSecOps platform GitLab 16
2023-05-26 13:38

GitLab announced on Monday the new GitLab 16 platform, an upgraded and comprehensive AI-driven DevSecOps solution. GitLab 16 includes more than 55 improvements and new features.

GitLab 'strongly recommends' patching max severity flaw ASAP
2023-05-24 19:25

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity path traversal flaw tracked as CVE-2023-2825.GitLab is a web-based Git repository for developer teams that need to manage their code remotely and has approximately 30 million registered users and one million paying customers.

Week in review: RCE bug in GitLab patched, phishing PyPI users, Escanor malware in MS Office docs
2022-08-28 08:00

Phishing PyPI users: Attackers compromise legitimate projects to push malwarePyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. DDoS tales from the SOCIn this Help Net Security video, Bryant Rump, Principal Security Architect at Neustar Security Services, talks about the challenges of mitigating immense DDoS attacks.

GitLab ‘strongly recommends’ patching critical RCE vulnerability
2022-08-24 19:15

GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import.The latest GitLab versions that address the problem are 15.3.1, 15.2.3, and 15.1.5, which users are advised to upgrade to immediately.

Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
2022-08-24 10:40

GitLab has fixed a remote code execution vulnerability affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to upgrade their GitLab instances immediately. CVE-2022-2884 is a critical severity issue that may allow an authenticated user to achieve remote code execution via the Import from GitHub API endpoint, the company explained.

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
2022-08-24 06:21

DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition and Enterprise Edition starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1.

GitLab security update fixes critical account take over flaw
2022-06-03 13:55

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.Getting control over a GitLab account comes with severe consequences as hackers could gain access to developers' projects and steal source code.

GitLab Issues Security Patch for Critical Account Takeover Vulnerability
2022-06-03 08:01

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. The security flaw affects all versions of GitLab Enterprise Edition starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.