Numerous severe security issues have been remediated by GitLab, Citrix, and VMware in updates to several of their products, reports The Hacker News. Aside from addressing a medium-severity vulnerability enabling URL alterations for a group namespace, tracked as CVE-2024-5257, GitLab has also issued a fix for the critical flaw in GitLab Community Edition and Enterprise Edition software, tracked as CVE-2024-6385, which could be leveraged for arbitrary pipeline job execution. Patches have also been provided by Citrix to address a critical improper authentication bug in NetScaler Agent, NetScaler Console, and NetScaler SDX, tracked as CVE-2024-6235. On the other hand, VMware has released updates to fix a critical bug in Aria Automation, tracked as CVE-2024-22280, and a medium-severity injection flaw in Cloud Director, tracked as CVE-2024-22277. Such developments come amid a new joint FBI and Cybersecurity and Infrastructure Security Agency bulletin calling for immediate vendor action against operating system command injection vulnerabilities.
Vulnerability Management, Patch/Configuration Management
Severe vulnerabilities addressed by GitLab, others
