GitLab update addresses pipeline execution vulnerability
Briefly

GitLab has released critical security updates to address vulnerabilities, including a high-severity flaw enabling attackers to run pipeline jobs as arbitrary users. The company strongly advises immediate upgrades to versions 17.1.2, 17.0.4, or 16.11.6 for Community and Enterprise Editions.
The most critical vulnerability, CVE-2024-6385 (CVSS score 9.6), affects GitLab versions 15.8 to 17.1.1. This flaw could allow an attacker to trigger a pipeline as another user. It was reported via GitLab's HackerOne bug bounty program.
Read at Developer Tech News