Critical Vulnerability in GitLab

Published on 19 Mar 2021

Updated on 14 Apr 2021

GitLab has released a security update to address a critical vulnerability in its Community Edition (CE) and Enterprise Edition (EE). 

Successful exploitation of the vulnerability could allow an unauthorised authenticated user to execute arbitrary code on the server. The vulnerability has a Common Vulnerability Scoring System (CVSS) v3.1 score of 9.9 and affects all versions of GitLab CE and EE starting from version 13.2.

Administrators and users running affected GitLab CE or EE versions are advised to upgrade to the latest versions (13.9.4, 13.8.6 or 13.7.9) immediately.
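The version ranges above can be applied to an inventory of GitLab instances as follows. This is an added example, not code from GitLab or from this advisory; the hostnames and version strings in the inventory are constructed, and branches newer than 13.9 are reported as unknown because the advisory does not cover them.

```python
import re

# Values taken from the advisory: first affected release and the fixed
# patch level for each branch that received a fix.
FIRST_AFFECTED = (13, 2)
FIXED = {(13, 7): 9, (13, 8): 6, (13, 9): 4}


def parse_version(text):
    """Parse '13.8.4', 'v13.8.4' or '13.8.4-ee' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(text):
    """Classify one version string against the advisory's ranges."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not affected"
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "affected"
    if branch < min(FIXED):
        # 13.2 to 13.6: affected, and the advisory lists no fixed release
        # on these branches, so the remedy is moving to a patched branch.
        return "affected"
    # Newer than 13.9: outside what the advisory states (assumption: verify
    # against the vendor release notes rather than guessing).
    return "check release notes"


def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed inventory for illustration (hypothetical hosts).
INVENTORY = {
    "git-a.example.internal": "13.1.11",
    "git-b.example.internal": "13.6.7-ee",
    "git-c.example.internal": "13.8.5",
    "git-d.example.internal": "13.9.4",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {status}")
```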

More information is available here:

https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/