A security flaw affecting specific versions of GitLab's Community Edition (CE) and Enterprise Edition (EE) has been disclosed. The vulnerability can be exploited to run CI/CD pipelines under another user's identity.

GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a widely used platform with millions of users worldwide. GitLab integrates CI/CD pipelines to automate testing and deployment, supporting every stage of the software development lifecycle.

The vulnerability, tracked as CVE-2024-5655, carries a critical severity rating (CVSS 9.6 out of 10). Under conditions GitLab has not publicly specified, an attacker can trigger a pipeline that runs as another user. Because a pipeline runs with the permissions of the user who triggered it, impersonating another user lets the attacker's jobs act with that user's access. This could lead to unauthorized actions within the instance, potentially compromising sensitive data and overall system integrity.

The vulnerability affects all GitLab CE/EE versions from 15.8 through 16.11.4, 17.0.0 through 17.0.2, and 17.1.0. Immediate attention and remediation are crucial to prevent exploitation and ensure the security of affected GitLab instances.

GitLab Announces Patch Updates

GitLab has fixed the vulnerability in versions 17.1.1, 17.0.3, and 16.11.5, and advises users to install these updates promptly. “We are dedicated to ensuring all aspects of GitLab that are exposed to customers or that host customer data are…
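The affected-version list above is easy to misread when triaging an inventory of self-managed instances (16.11.5 is fixed, 16.11.4 is not; 17.1.0 is affected, 17.1.1 is not). The following is an added example, not GitLab's own code or part of the original article: it encodes the ranges and fixed releases stated above and checks a version string against them. It assumes the version comes from GitLab's `GET /api/v4/version` endpoint, which returns JSON with `version` and `revision` fields and values such as `17.1.0-ee`; the JSON response embedded at the bottom is constructed for the demonstration, not captured from a real instance.

```python
"""Triage helper for CVE-2024-5655 (added example, not GitLab's own code).

Decides whether a GitLab CE/EE version string falls inside the affected ranges
named in the advisory and which release closes that range.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (first_affected, last_affected) ranges from the advisory, each paired
# with the release that fixes it: 15.8 to 16.11.4 -> 16.11.5,
# 17.0.0 to 17.0.2 -> 17.0.3, 17.1.0 -> 17.1.1.
AFFECTED_RANGES = (
    ((15, 8, 0), (16, 11, 4), (16, 11, 5)),
    ((17, 0, 0), (17, 0, 2), (17, 0, 3)),
    ((17, 1, 0), (17, 1, 0), (17, 1, 1)),
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' and drop edition or pre-release suffixes.

    /api/v4/version reports strings such as '17.1.0-ee' or '16.11.4-pre'; the
    suffix says nothing about the patch level, so only the numeric triple counts.
    A missing PATCH component is treated as .0 (the first release of that minor).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def fixed_release_for(version_text: str) -> Optional[str]:
    """Return the patched release to upgrade to, or None if not affected."""
    v = parse_version(version_text)
    for first, last, fixed in AFFECTED_RANGES:
        if first <= v <= last:  # tuple comparison is lexicographic: major, minor, patch
            return "%d.%d.%d" % fixed
    return None


def is_affected(version_text: str) -> bool:
    return fixed_release_for(version_text) is not None


def triage_version_response(body: str) -> dict:
    """Interpret the JSON body returned by GET /api/v4/version."""
    data = json.loads(body)
    version = data["version"]
    fixed = fixed_release_for(version)
    return {"version": version, "affected": fixed is not None, "upgrade_to": fixed}


if __name__ == "__main__":
    # Constructed sample response (assumption); a live instance returns its own values.
    SAMPLE_RESPONSE = '{"version": "17.0.2-ee", "revision": "0000000"}'
    print(triage_version_response(SAMPLE_RESPONSE))
```

Tuple comparison does the version ordering, so 16.11.4 sorts below 16.11.5 and 15.7.x stays outside the first range. Versions older than 15.8 are reported as not affected because the advisory does not list them, not because they are known to be safe; such instances are out of support and should be upgraded regardless.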