Security News

GitLab announces AI-DevSecOps platform GitLab 16
2023-05-26 13:38

GitLab announced on Monday the new GitLab 16 platform, an upgraded and comprehensive AI-driven DevSecOps solution. GitLab 16 includes more than 55 improvements and new features.

GitLab 'strongly recommends' patching max severity flaw ASAP
2023-05-24 19:25

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity path traversal flaw tracked as CVE-2023-2825.GitLab is a web-based Git repository for developer teams that need to manage their code remotely and has approximately 30 million registered users and one million paying customers.

Week in review: RCE bug in GitLab patched, phishing PyPI users, Escanor malware in MS Office docs
2022-08-28 08:00

Phishing PyPI users: Attackers compromise legitimate projects to push malwarePyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. DDoS tales from the SOCIn this Help Net Security video, Bryant Rump, Principal Security Architect at Neustar Security Services, talks about the challenges of mitigating immense DDoS attacks.

GitLab ‘strongly recommends’ patching critical RCE vulnerability
2022-08-24 19:15

GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import.The latest GitLab versions that address the problem are 15.3.1, 15.2.3, and 15.1.5, which users are advised to upgrade to immediately.

Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
2022-08-24 10:40

GitLab has fixed a remote code execution vulnerability affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to upgrade their GitLab instances immediately. CVE-2022-2884 is a critical severity issue that may allow an authenticated user to achieve remote code execution via the Import from GitHub API endpoint, the company explained.

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
2022-08-24 06:21

DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition and Enterprise Edition starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1.

GitLab security update fixes critical account take over flaw
2022-06-03 13:55

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.Getting control over a GitLab account comes with severe consequences as hackers could gain access to developers' projects and steal source code.

GitLab Issues Security Patch for Critical Account Takeover Vulnerability
2022-06-03 08:01

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. The security flaw affects all versions of GitLab Enterprise Edition starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.

GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts
2022-04-01 21:03

DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. "A hardcoded password was set for accounts registered using an OmniAuth provider in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts," the company said in an advisory published on March 31.

GitLab issues critical update after hard-coding passwords into accounts
2022-04-01 19:21

GitLab on Thursday issued security updates for three versions of GitLab Community Edition and Enterprise Edition software that address, among other flaws, a critical hard-coded password bug. "A hard-coded password was set for accounts registered using an OmniAuth provider in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts," the company said in its advisory.