High Threat Security Alert (A24-07-09): Multiple Vulnerabilities in GitLab


 

Published on: 11 July 2024

  
  

Description:

GitLab has released 16.11.6, 17.0.4 and 17.1.2 to address multiple vulnerabilities in various versions of GitLab.

Reports indicate that the elevation of privilege vulnerability (CVE-2024-6385) in GitLab Community Edition (CE) and Enterprise Edition (EE) is at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • GitLab Community Edition (CE) prior to versions 16.11.6, 17.0.4 and 17.1.2
  • GitLab Enterprise Edition (EE) prior to versions 16.11.6, 17.0.4 and 17.1.2

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to elevation of privilege, security restriction bypass or tampering on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/
  • https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20240711
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2880
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5257
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5470
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5528
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6385
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6595


Tag: GitLab
Tags