High Threat Security Alert (A24-09-17): Vulnerability in GitLab


 

Published on: 19 September 2024

  
  

Description:

GitLab has released 16.11.10, 17.0.8, 17.1.8, 17.2.7 and 17.3.3 to address a security restriction bypass vulnerability in various versions of GitLab.

Reports indicate that the security restriction bypass vulnerability (CVE-2024-45409) in GitLab Community Edition (CE) and Enterprise Edition (EE) is at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • GitLab Community Edition (CE) prior to versions 16.11.10, 17.0.8, 17.1.8, 17.2.7 and 17.3.3
  • GitLab Enterprise Edition (EE) prior to versions 16.11.10, 17.0.8, 17.1.8, 17.2.7 and 17.3.3

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerability could lead to security restriction bypass on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
  • https://www.hkcert.org/security-bulletin/gitlab-security-restriction-bypass-vulnerability_20240919
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45409


Tag: GitLab
Tags