GitLab Updates Resolve Critical Pipeline Execution Vulnerability

September 13, 2024 at 05:03AM

GitLab announced patches for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) including a critical pipeline execution bug, CVE-2024-6678, with a CVSS score of 9.9. Successful exploitation could disrupt services and inject malicious code. The vulnerabilities affect versions 8.14 to 17.3.1, and patches are available in versions 17.3.2, 17.2.5, and 17.1.7.

The advisory covers the patches GitLab announced for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical-severity pipeline execution bug tracked as CVE-2024-6678 with a CVSS score of 9.9. Under certain circumstances the flaw lets an attacker trigger a pipeline as an arbitrary user, which could disrupt services and inject malicious code into production environments.

The vulnerability affects GitLab CE/EE versions from 8.14 through 17.3.1, and fixes are included in versions 17.3.2, 17.2.5, and 17.1.7. The same releases also resolve three high-severity bugs, 11 medium-severity flaws, and two low-severity flaws, which were reported through GitLab's bug bounty program on HackerOne.
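The first thing an operator wants to know is whether a given instance falls inside the affected range and which release closes it. The script below is an added example, not code from GitLab or from the article: it parses the version string that GitLab's `GET /api/v4/version` endpoint reports (the JSON body here is constructed, not a captured response) and applies the fixed-version list from the advisory. It assumes GitLab's `X.Y.Z-ee` / `X.Y.Z-ce` version format, and it treats anything later than 17.3.2 (17.4 and newer branches) as already carrying the fix, which the page does not state explicitly.

```python
import json
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the GitLab advisory for CVE-2024-6678, keyed by release branch.
PATCHED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (17, 3): (17, 3, 2),
    (17, 2): (17, 2, 5),
    (17, 1): (17, 1, 7),
}
FIRST_AFFECTED: Version = (8, 14, 0)  # advisory: affected from 8.14 onward
LATEST_FIXED: Version = (17, 3, 2)    # target for branches that received no backport


def parse_version(text: str) -> Version:
    """Turn 'X.Y.Z-ee', 'X.Y.Z-ce' or 'X.Y' into a comparable (major, minor, patch) tuple.

    GitLab appends -ee/-ce to the version its API reports; the suffix is ignored here.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def version_from_api_response(body: str) -> str:
    """Extract the 'version' field from a GET /api/v4/version JSON body."""
    return json.loads(body)["version"]


def assess(version_text: str) -> Dict[str, object]:
    """Report whether a GitLab version is affected by CVE-2024-6678 and what to upgrade to."""
    v = parse_version(version_text)
    result: Dict[str, object] = {"version": v, "affected": False, "upgrade_to": None}

    if v < FIRST_AFFECTED:
        return result  # predates the affected range

    branch = (v[0], v[1])
    if branch in PATCHED_BY_BRANCH:
        fixed = PATCHED_BY_BRANCH[branch]
        if v < fixed:
            result.update(affected=True, upgrade_to=fixed)
        return result

    if v > LATEST_FIXED:
        return result  # assumption: 17.4+ ships with the fix

    # 8.14 through 17.0.x: no patched release on these branches, move to the latest fixed one
    result.update(affected=True, upgrade_to=LATEST_FIXED)
    return result


def format_version(v: Optional[Version]) -> str:
    return "n/a" if v is None else ".".join(str(part) for part in v)


if __name__ == "__main__":
    # Constructed sample body; a real check would fetch /api/v4/version with a PRIVATE-TOKEN header.
    sample_body = '{"version": "17.3.1-ee", "revision": "0000000"}'
    reported = version_from_api_response(sample_body)
    verdict = assess(reported)
    print(f"reported {reported}: affected={verdict['affected']}, "
          f"upgrade_to={format_version(verdict['upgrade_to'])}")
```

Run against each instance's `/api/v4/version` output; instances on branches older than 17.1 get no backport and must move forward to 17.3.2 or newer, not just to the next patch on their current branch.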

GitLab recommends that users upgrade to the latest versions as soon as possible. GitLab has not reported exploitation of these vulnerabilities in the wild, but applying the security updates promptly is still essential to protect affected instances.
