GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

GitLab has released another round of updates to close security flaws in its software development platform. The most serious of them is a critical bug that allows an attacker to run pipeline jobs as any user.

The vulnerability, tracked as CVE-2024-6385, has a CVSS score of 9.6 out of a possible 10.0.

The bug affects GitLab CE/EE versions 15.8 before 16.11.6, 17.0 before 17.0.4, and 17.1 before 17.1.2 and, in certain cases, enables an attacker to start a pipeline as a different user, the company announced in an alert on Wednesday.
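The affected ranges above can be turned into a quick inventory check. The following is an added example, not code from GitLab or from the original article; the function names and the sample inventory are hypothetical, and the version strings are constructed.

```python
import re

# Affected ranges as listed in the article: (first affected, first fixed).
AFFECTED_RANGES = [
    ((15, 8, 0), (16, 11, 6)),
    ((17, 0, 0), (17, 0, 4)),
    ((17, 1, 0), (17, 1, 2)),
]

def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH]', tolerating a 'v' prefix and a '-ee'/'-ce' suffix."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def fixed_release(version_text):
    """Return the first fixed release of the range a version falls in, else None."""
    v = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None

def triage(inventory):
    """Map host -> finding; unparseable versions are flagged rather than skipped."""
    findings = {}
    for host, version_text in inventory.items():
        try:
            target = fixed_release(version_text)
        except ValueError:
            findings[host] = "unknown version, check manually"
            continue
        if target:
            findings[host] = f"affected, fixed in {target}"
    return findings

# Constructed inventory (hypothetical hosts), not data from the article.
SAMPLE_INVENTORY = {
    "gitlab-a.example": "16.11.5-ee",
    "gitlab-b.example": "17.0.4",
    "gitlab-c.example": "v17.1.1",
    "gitlab-d.example": "15.7.9",
    "gitlab-e.example": "unknown",
}

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {finding}")
```

Instances whose version cannot be parsed are reported for manual review so that a malformed inventory entry is never silently treated as patched.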

The company fixed a related vulnerability late last month (CVE-2024-5655, CVSS score: 9.6) that could be weaponized to access pipelines under the identities of other users.
