I’M UNDER A CYBER ATTACK

Alert

Alert 2024-32 Critical Vulnerability in GitLab

GitLab has publicly disclosed several vulnerabilities affecting both the Community Edition (CE) and Enterprise Edition (EE) in their on-premise implementations, some of which are critical.

One of the most notable is CVE-2024-6678, a vulnerability in pipeline job execution. This flaw allows an attacker with low privileges to execute jobs as another user, potentially compromising private repositories and triggering supply chain issues. The vulnerability affects GitLab versions from 8.14 to those prior to 17.1.7, 17.2.5, and 17.3.2, and has a CVSS score of 9.9, categorizing it as critical in severity.

For more details on the vulnerabilities and mitigations, visit: GitLab Security Releases.

Download PDF

WE’RE HERE TO HELP

Are you under a cyber attack?

Report it here

get the latest alerts in your inbox

Subscribe to our newsletter

We are a a group of highly trained professionals based in R&D with advanced technical knowledge and experience in the detection, analysis, containment, and recovery of security incidents.

We are a CSIRT, we are Cybolt.

I’M UNDER A CYBER ATTACK

Explore

Services

Stay updated

© 2024. Beacon Lab CSIRT, Privacy Policy

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.