Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in GitLab's Products
Alerts

Critical Vulnerability in GitLab's Products

20 September 2023

GitLab has released security updates to address a critical vulnerability (CVE-2023-4998) affecting GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.6 out of 10. 

Successful exploitation of the vulnerability could allow an attacker to abuse the scan execution policies to run pipelines as another user.

The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions starting from 13.12 before 16.2.7 and versions starting from 16.3 before 16.3.4.

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
https://www.bleepingcomputer.com/news/security/gitlab-urges-users-to-install-security-updates-for-critical-pipeline-flaw/

Back to top