GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

July 11, 2024 at 12:12AM: GitLab has released updates to address security flaws in its platform, including a critical bug (CVE-2024-6385) that allows an attacker to run pipeline jobs as another user. The updates also fix a medium-severity issue (CVE-2024-5257). Additionally, CISA and FBI issued a bulletin urging technology manufacturers …

GitLab Patches Critical Password Reset Vulnerability

January 15, 2024 at 07:07AM: A vulnerability in GitLab’s email verification process (CVE-2023-7028, CVSS score 10) allows attackers to hijack the password reset process by sending reset messages to unverified email addresses. This affects GitLab CE/EE versions 16.1 to 16.7.1, with patches released in versions 16.5.6, 16.6.4, and 16.7.2. Users are advised to update instances …