GitLab released an update to address a vulnerability in the Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2024-45409, the vulnerability has a critical severity rating with a CVSS score of 10. The vulnerability originates from the Ruby SAML library used in multiple GitLab CE/EE versions. The omniauth-saml versions before 2.2.0 and ruby-saml versions before …
Tag: GitLab
GitLab Patches Multiple Vulnerabilities impacting Community Edition (CE) and Enterprise Edition (EE)
GitLab released a security advisory to address 18 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). One of these vulnerabilities, tracked as CVE-2024-6678, is given a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to trigger a pipeline as an arbitrary user.
GitLab Releases Patches to Address Multiple Vulnerabilities (CVE-2024-6385)
GitLab rolled out a series of patches to address six vulnerabilities in its software development platform, one of which is rated as critical. Tracked as CVE-2024-6385, the vulnerability is rated as critical with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to run pipeline jobs as an arbitrary user.
GitLab Releases Patch to Address Critical Pipeline Flaw Vulnerability (CVE-2023-5009)
Multiple versions of GitLab Enterprise Edition (EE) are affected by a critical vulnerability. Tracked as CVE-2023-5009, the vulnerability may allow an attacker to access confidential data or utilize the impersonated user’s elevated permissions to change the source code or launch arbitrary code on the system. Security researcher Johan Carlsson discovered the vulnerability and reported it …
GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)
GitLab has released an emergency update for a path traversal vulnerability (CVE-2023-2825). On successful exploitation, the vulnerability may allow an attacker to read arbitrary files on the server. The vulnerability has been rated critical, with a maximum CVSS score of 10. A security researcher named Pwnie discovered this vulnerability and reported it to GitLab via …
GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)
GitLab has released updates to address a remote code execution flaw for its GitLab Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2022-2884, the vulnerability is rated as critical and is assigned a CVSS score of 9.9. An authenticated attacker could exploit this vulnerability to execute commands remotely on vulnerable systems via Import from GitHub API …
GitLab Unauthenticated Remote Code Execution Vulnerability (CVE-2021-22205)
GitLab is a web-based DevOps lifecycle solution built by GitLab Inc. providing unrivaled insight and productivity across the DevOps lifecycle in a single application. GitLab has released an update for a significant remote code execution (RCE) vulnerability (CVE-2021-22205) in GitLab’s web interface. This vulnerability has been regularly exploited in the wild and has caused a vast …