FlagThis

CyberSecurity updates
Updated: 2024-10-22 12:03:50 Pacfic
Pierluigi Paganini @ Security Affairs
Critical Vulnerability in GitLab EE Allows Arbitrary Branch Pipeline Execution - 10d

Read more: securityaffairs.com

A critical vulnerability, identified as CVE-2024-9164, has been patched in GitLab EE versions. This flaw enables remote attackers to execute pipelines on arbitrary branches within a repository, potentially leading to code execution. The vulnerability arises from a lack of proper authorization checks during pipeline execution. Organizations using GitLab EE are strongly advised to update to the latest patched versions to mitigate this risk.

References:
  • Arctic Wolf - CVE-2024-9164: Critical Arbitrary Branch Pipeline Vulnerability in GitLab EE - 10d
  • Security Archives - GitLab fixed critical flaw CVE-2024-9164 - 10d
  • about.gitlab.com - This article from GitLab details the release of patch updates addressing vulnerabilities in GitLab EE versions 17.4.2, 17.3.5, and 17.2.9, emphasizing the critical nature of the vulnerabilities. - 10d
  • Arctic Wolf - On 9 October 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. - 10d
  • Security Risk Advisors - Critical GitLab security update: Versions 17.4.2, 17.3.5, 17.2.9 released to patch severe vulnerabilities. Flaws allow remote code execution and user impersonation. - 10d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.