Published on: 16 January 2024
GitLab has released 16.5.6, 16.6.4 and 16.7.2 to address multiple vulnerabilities in various versions of GitLab.
Reports indicate that the elevation of privilege vulnerability CVE-2023-7028 in GitLab Community Edition (CE) and Enterprise Edition (EE) is at high risk of exploitation. The flaw lets a password-reset email be delivered to an unverified email address chosen by the attacker, so an attacker who knows a target's username or email can reset that user's password. Successful exploitation allows the attacker to take over any account for which Two-Factor Authentication (2FA) is not enabled. System administrators are advised to take immediate action to patch their affected systems and to enable (or enforce instance-wide) 2FA for all GitLab accounts to mitigate the elevated risk of account takeover.
Please note that only GitLab CE and EE accounts without 2FA enabled can be taken over: for a user with 2FA enabled the password can still be reset, but the attacker cannot complete the login without the second factor. For the full list of affected versions, please refer to the corresponding security advisory on the vendor's website.
Successful exploitation of the vulnerabilities could lead to elevation of privilege, security restriction bypass or tampering on an affected system.
Patches for affected systems are available. System administrators of affected systems should upgrade to a fixed release, follow the recommendations provided by the vendor, including its guidance on checking for indicators of compromise, and take immediate action to mitigate the risk.
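GitLab's published indicator of compromise for CVE-2023-7028 is a POST to /users/password in gitlab-rails/production_json.log whose email parameter is a JSON array holding more than one address (a legitimate reset submits a single address). The script below is an added example, not code from the page or from GitLab: it scans constructed log lines in the shape of that log (field names and values are assumptions) and reports requests matching the indicator, so an administrator can triage which accounts and source IPs to investigate.

```python
import json

# Constructed sample lines in the shape of GitLab's gitlab-rails/production_json.log.
# Assumption: each request is one JSON object with "method", "path", "params" (a list of
# {"key", "value"} pairs), "remote_ip" and "time". All addresses and IPs are invented.
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","status":302,"params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":"alice@example.com"}}],"remote_ip":"203.0.113.10","time":"2024-01-12T09:15:01.000Z"}
{"method":"POST","path":"/users/password","status":302,"params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":["alice@example.com","attacker@example.net"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T09:16:44.000Z"}
{"method":"GET","path":"/users/sign_in","status":200,"params":[],"remote_ip":"203.0.113.10","time":"2024-01-12T09:17:00.000Z"}
{"method":"POST","path":"/users/password","status":302,"params":[{"key":"user","value":{"email":["bob@example.com"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T09:18:10.000Z"}
"""


def reset_request_emails(entry):
    """Return the list of email values submitted in a password-reset POST,
    or None if the entry is not a POST to /users/password."""
    if entry.get("path") != "/users/password" or entry.get("method") != "POST":
        return None
    for param in entry.get("params", []):
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            email = param["value"].get("email")
            if email is None:
                return []
            # A normal reset sends a single string; the exploit sends an array.
            return email if isinstance(email, list) else [email]
    return []


def find_suspicious_resets(log_text):
    """Flag password-reset requests whose email parameter carries more than one address."""
    hits = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole scan
        emails = reset_request_emails(entry)
        if emails and len(emails) > 1:
            hits.append({
                "time": entry.get("time"),
                "remote_ip": entry.get("remote_ip"),
                "emails": emails,
            })
    return hits


if __name__ == "__main__":
    # On a real host: with open("/var/log/gitlab/gitlab-rails/production_json.log") as f: log_text = f.read()
    for hit in find_suspicious_resets(SAMPLE_LOG):
        print(hit)
```

A single-address array is not treated as an indicator, since only the presence of an extra, attacker-controlled recipient distinguishes the exploit from an ordinary reset. Every flagged victim address should be checked for a subsequent password change, and accounts without 2FA should be rotated regardless of findings.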