Critical GitLab Bug: Arbitrary CI/CD Pipeline Execution

Oct 11, 2024

Ravie Lakshmanan

DevOps / Vulnerability

GitLab has released patch versions 17.4.2, 17.3.5 and 17.2.9 for its Community Edition (CE) and Enterprise Edition (EE) to address eight security vulnerabilities. One of them is a critical flaw that could allow an attacker to run Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches of a repository.

Known as CVE-2024-9164, this vulnerability has been assigned a CVSS score of 9.6 out of 10.

According to GitLab, CVE-2024-9164 affects GitLab EE only: every version from 12.5 up to, but not including, the patched releases (17.2 prior to 17.2.9, 17.3 prior to 17.3.5, and 17.4 prior to 17.4.2). It allows pipelines to be run on any branch, which matters because GitLab exposes protected CI/CD variables only to pipelines running on protected branches or tags.

Among the remaining seven vulnerabilities, four are classified as high severity, two as medium, and one as low. These include issues such as SSRF attacks, HTML injection, and authorization-related problems.

This advisory is the latest in a series of pipeline-related fixes GitLab has shipped in recent months, and keeping instances current remains the primary mitigation.

While there have been no reported instances of active exploitation, users are strongly advised to update their GitLab instances to the latest version to stay protected.
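The quickest way to act on this advisory is to compare each instance's reported version against the affected ranges. The following script is an added example, not GitLab's code: the affected ranges are the ones GitLab published for the 17.4.2 / 17.3.5 / 17.2.9 release, the `GET /api/v4/version` endpoint is GitLab's real (authenticated) version endpoint, and everything else (the inventory, hostnames and function names) is a constructed assumption for illustration. Version strings without an edition suffix are treated as EE, since assuming vulnerable is the safer default.

```python
"""Check GitLab instance versions against the CVE-2024-9164 affected ranges.

Added example, not GitLab's code. The ranges come from GitLab's 17.4.2 /
17.3.5 / 17.2.9 patch release; the inventory and hostnames are made up.
"""
import json
import re
import urllib.request
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected EE ranges as [lower, upper): lower is the first affected release,
# upper is the patched release that closes the range.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((12, 5, 0), (17, 2, 9)),
    ((17, 3, 0), (17, 3, 5)),
    ((17, 4, 0), (17, 4, 2)),
]
LATEST_FIX: Version = (17, 4, 2)

# GitLab reports versions such as "17.4.1-ee" or "17.4.1-ce"; the suffix is the edition.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(ee|ce))?")


def parse_version(text: str) -> Tuple[Version, Optional[str]]:
    """Split '17.4.1-ee' into ((17, 4, 1), 'ee'); edition is None when absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch, edition = m.groups()
    return (int(major), int(minor), int(patch or 0)), edition


def is_affected_by_cve_2024_9164(text: str) -> bool:
    """True if the version falls inside a vulnerable EE range.

    CE is not affected by this CVE. A string with no edition suffix is treated
    as EE so that an unknown edition is reported as affected, not silently skipped.
    """
    version, edition = parse_version(text)
    if edition == "ce":
        return False
    return any(lower <= version < upper for lower, upper in AFFECTED_RANGES)


def fixed_version_for(version: Version) -> Version:
    """Patched release on the same minor line if GitLab backported one, else 17.4.2."""
    for lower, upper in AFFECTED_RANGES:
        if lower <= version < upper and version[:2] == upper[:2]:
            return upper
    return LATEST_FIX


def assess(text: str) -> Dict[str, object]:
    """Summarise one instance: version, edition, affected flag and upgrade target."""
    version, edition = parse_version(text)
    affected = is_affected_by_cve_2024_9164(text)
    return {
        "version": ".".join(map(str, version)),
        "edition": edition or "unknown (assumed ee)",
        "cve_2024_9164": affected,
        "upgrade_to": ".".join(map(str, fixed_version_for(version))) if affected else None,
    }


def fetch_version(base_url: str, token: str) -> str:
    """Read the running version from GitLab's GET /api/v4/version (needs a token).
    Not called by the offline demo below."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/api/v4/version",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


# Constructed inventory for the offline demo; hostnames and versions are made up.
SAMPLE_INVENTORY: Dict[str, str] = {
    "gitlab-prod.example.internal": "17.4.1-ee",
    "gitlab-staging.example.internal": "17.2.8-ee",
    "gitlab-legacy.example.internal": "16.11.2-ee",
    "gitlab-oss.example.internal": "17.4.1-ce",
    "gitlab-patched.example.internal": "17.3.5-ee",
}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Hostnames whose reported version is inside an affected range."""
    return [host for host, ver in inventory.items() if is_affected_by_cve_2024_9164(ver)]


if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(host, assess(ver))
```

Note that an instance on an older line such as 16.x has no backported fix, so the script points it at 17.4.2 rather than at a patch on its own line; CE instances are reported as not affected by this CVE but still need the release for the other seven fixes.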
