Critical Vulnerability in GitLab's Products

Published on 20 Sep 2023

GitLab has released security updates to address a critical vulnerability (CVE-2023-4998) affecting GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab rates the vulnerability at 9.6 out of 10 on the Common Vulnerability Scoring System (CVSSv3) scale.

Successful exploitation of the vulnerability could allow an authenticated attacker to abuse scheduled security scan execution policies to run pipelines as another user. A pipeline that runs as another user executes with that user's permissions, so the attacker gains whatever access that user has to projects, CI/CD variables and runners. GitLab describes CVE-2023-4998 as a bypass of the fix for CVE-2023-3932, which addressed the same issue in an earlier release.

The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions from 13.12 up to but not including 16.2.7, and versions from 16.3 up to but not including 16.3.4. The fix is included in 16.2.7 and 16.3.4.
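The affected ranges above are easy to misread because the fixed versions are exclusive bounds. The following script, added here as an illustration and not part of the advisory or of GitLab's own tooling, compares an installed version string against the stated ranges. The version strings it is fed (for example `16.3.3-ee`, the form returned by GitLab's `/api/v4/version` endpoint) are constructed for the example; the range table is copied from the text above.

```python
"""Decide whether a GitLab version string falls inside the ranges named in the
advisory for CVE-2023-4998 (13.12 <= v < 16.2.7, or 16.3 <= v < 16.3.4).

Added example; the range table is taken from the advisory text, the helper
names and sample inputs are constructed for illustration.
"""
import json
import re

# (first affected version, inclusive), (first fixed version, exclusive)
AFFECTED_RANGES = [
    ((13, 12, 0), (16, 2, 7)),
    ((16, 3, 0), (16, 3, 4)),
]


def parse_version(text):
    """Turn a GitLab version string such as '16.3.3-ee', 'v16.2.7' or '16.3'
    into a comparable (major, minor, patch) tuple.

    Edition suffixes (-ee, -ce) and pre-release tags are dropped: they do not
    change where the release sits relative to the fixed versions. A missing
    patch number is treated as .0, which is the first release of that minor.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(text):
    """True if the version lies inside any affected range.

    Tuple comparison is lexicographic, so 16.2.10 correctly sorts above 16.2.7,
    which a plain string comparison would get wrong.
    """
    version = parse_version(text)
    return any(low <= version < fixed for low, fixed in AFFECTED_RANGES)


def check_version_api_response(body):
    """Evaluate the JSON body returned by GET /api/v4/version on a GitLab
    instance. Returns (version_string, affected).

    The response shape {"version": "...", "revision": "..."} is the documented
    one; the body passed in by the caller is whatever the instance returned.
    """
    data = json.loads(body)
    version = data["version"]
    return version, is_affected(version)


if __name__ == "__main__":
    # Constructed sample response, as an instance running 16.3.3-ee would give.
    sample = '{"version": "16.3.3-ee", "revision": "0123abcd"}'
    ver, hit = check_version_api_response(sample)
    print(f"{ver}: {'AFFECTED, upgrade to 16.3.4 or later' if hit else 'not affected'}")
```

To run this against a live instance, fetch `/api/v4/version` with a personal access token (`curl -H "PRIVATE-TOKEN: <token>" https://gitlab.example.com/api/v4/version`) and pass the body to `check_version_api_response`; the endpoint requires authentication, so the script does not attempt the request itself.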

Users and administrators of affected products are advised to update to the latest versions immediately. GitLab.com is already running the patched code. For self-managed installations that cannot upgrade right away, GitLab notes that the issue is only exploitable when both the "Direct transfers" and "Security policies" features are enabled, and recommends disabling at least one of them until the upgrade is complete.

More information is available here:
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
https://www.bleepingcomputer.com/news/security/gitlab-urges-users-to-install-security-updates-for-critical-pipeline-flaw/