GitLab on Wednesday launched security updates to handle 17 security vulnerabilities, together with a essential flaw that permits an attacker to run pipeline jobs as an arbitrary person.
The problem, tracked as CVE-2024-6678, carries a CVSS rating of 9.9 out of a most of 10.0
“A problem was found in GitLab CE/EE affecting all variations ranging from 8.14 previous to 17.1.7, ranging from 17.2 previous to 17.2.5, and ranging from 17.3 previous to 17.3.2, which permits an attacker to set off a pipeline as an arbitrary person below sure circumstances,” the corporate stated in an alert.
The vulnerability, together with three high-severity, 11 medium-severity, and two low-severity bugs, have been addressed in variations 17.3.2, 17.2.5, 17.1.7 for GitLab Group Version (CE) and Enterprise Version (EE).
It is price noting that CVE-2024-6678 is the fourth such flaw that GitLab has patched over the previous yr after CVE-2023-5009 (CVSS rating: 9.6), CVE-2024-5655 (CVSS rating: 9.6), and CVE-2024-6385 (CVSS rating: 9.6).
Whereas there is no such thing as a proof of energetic exploitation of the failings, customers are really useful to use the patches as quickly as doable to mitigate in opposition to potential threats.
Earlier this Might, U.S. Cybersecurity and Infrastructure Safety Company (CISA) revealed {that a} essential GitLab vulnerability (CVE-2023-7028, CVSS rating: 10.0) had come below energetic exploitation within the wild.
