SecurityWeek reports that updates have been released by GitLab to resolve 14 vulnerabilities impacting several versions of its Community Edition and Enterprise Edition software.Most severe of the addressed flaws is a critical bug in GitLab CE/EE versions newer than 15.8, 17.0, and 17.1, tracked as CVE-2024-5655, which could be leveraged to facilitate automated execution of a pipeline upon the automated re-targeting of a merge request, according to GitLab, which noted no active exploitation of such an issue so far. Also remediated in the updates were three high-severity flaws, including an improper authorization in search issue, tracked as CVE-2024-6323, a cross-site request forgery bug, tracked as CVE-2024-4994, and a cross-site scripting vulnerability, tracked as CVE-2024-4901. Moreover, GitLab has also addressed nine medium-severity flaws, including those that could be leveraged for denial-of-service, OAuth authentication flow exploitation, and merge request approval policy deletions. Organizations with vulnerable GitLab CE/EE instances have been urged to immediately update to versions 17.1.1, 17.0.3, and 16.11.5.
Patch/Configuration Management, Vulnerability Management
Over a dozen GitLab vulnerabilities addressed

(Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



