Vulnerability Management, Patch/Configuration Management

Severe vulnerabilities addressed by GitLab, others


Numerous severe security issues have been remediated by GitLab, Citrix, and VMware in updates to several of their products, reports The Hacker News.

Aside from addressing a medium-severity vulnerability enabling URL alterations for a group namespace, tracked as CVE-2024-5257, GitLab has also issued a fix for the critical flaw in GitLab Community Edition and Enterprise Edition software, tracked as CVE-2024-6385, which could be leveraged for arbitrary pipeline job execution. Patches have also been provided by Citrix to address a critical improper authentication bug in NetScaler Agent, NetScaler Console, and NetScaler SDX, tracked as CVE-2024-6235. Meanwhile, VMware has released updates to fix a critical bug in Aria Automation, tracked as CVE-2024-22280, and a medium-severity injection flaw in Cloud Director, tracked as CVE-2024-22277. Such developments come amid a new joint FBI and Cybersecurity and Infrastructure Security Agency bulletin calling for immediate vendor action against operating system command injection vulnerabilities.
