High Threat Security Alert (A24-10-14): Multiple Vulnerabilities in GitLab


 

Published on: 14 October 2024

  
  

Description:

GitLab has released 17.2.9, 17.3.5 and 17.4.2 to address multiple vulnerabilities in various versions of GitLab.

Reports indicate that the vulnerability (CVE-2024-9164) in GitLab Community Edition (CE) and Enterprise Edition (EE) is at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • GitLab Community Edition (CE) prior to versions 17.2.9, 17.3.5 and 17.4.2
  • GitLab Enterprise Edition (EE) prior to versions 17.2.9, 17.3.5 and 17.4.2

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/
  • https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20241014
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5005
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6530
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8970
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8977
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9164
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9596
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9623
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9631


Tag: GitLab
Tags