GitLab: Critical bug lets attackers run pipelines as other users

July 10, 2024 at 04:08PM

GitLab addressed a critical vulnerability that allowed attackers to run pipeline jobs as other users in its Community and Enterprise editions. This flaw (CVE-2024-6385) had a severity rating of 9.6/10 and affected versions 15.8 to 17.1.2, impacting over 30 million users, including Fortune 100 companies. GitLab released updates and urged …

Exploit available for new critical TeamCity auth bypass bug, patch now

March 4, 2024 at 05:44PM

A critical vulnerability in JetBrains’ TeamCity On-Premises CI/CD solution (CVE-2024-27198) allows remote attackers to gain administrative control. Exploits are available, prompting urgent updates to the latest product version or installation of a security patch. Another vulnerability (CVE-2024-27199) permits unauthorized system settings modification. Administrators must prioritize addressing these issues. Rapid7 discovered …