Critical GitLab Bug Threatens Software Development Pipelines

June 28, 2024 at 04:52PM

A critical GitLab vulnerability (CVE-2024-5655) allows an attacker to run a pipeline as another user. This affects versions 15.8 to 16.11.5 and 17.0 to 17.1.1. The updates address 14 security issues, with one critical, 9 medium, and 3 high severity. Exploiting this vulnerability poses a compliance risk and potential revenue …

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

June 28, 2024 at 10:43AM

GitLab released updates addressing 14 security flaws, including a critical vulnerability allowing unauthorized execution of CI/CD pipelines. The most severe flaw, CVE-2024-5655 (CVSS score: 9.6), impacts versions 15.8 to 17.1, with 17.1.1, 17.0.3, and 16.11.5 providing fixes. While there’s no active exploitation, users are urged to apply patches. Key takeaways …