Sep 12, 2024
Ravie Lakshmanan
DevSecOps / Vulnerability
GitLab has released security updates to address 17 vulnerabilities, including a critical flaw that allows attackers to run pipeline jobs as arbitrary users.
The critical flaw (CVE-2024-6678) carries a CVSS score of 9.9 out of 10.0 and affects all GitLab versions from 8.14 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2.
GitLab has patched this vulnerability, along with three high-severity, 11 medium-severity, and two low-severity bugs, in versions 17.3.2, 17.2.5, and 17.1.7 of GitLab Community Edition (CE) and Enterprise Edition (EE).
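Because the affected ranges span three release branches with three different fix versions, deciding whether a given instance needs the upgrade is easy to get wrong by eye. The following is an added example, not code from GitLab or from the article: it encodes the affected ranges from GitLab's advisory (8.14 up to but not including 17.1.7, 17.2 up to 17.2.5, 17.3 up to 17.3.2) and evaluates a version string such as the one returned by the `GET /api/v4/version` endpoint. The JSON payloads used at the bottom are constructed samples, and the `-ee`/`-ce` suffix handling is an assumption about how self-managed instances report their version.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges for CVE-2024-6678 taken from GitLab's advisory:
# each entry is (first affected version, first fixed version on that branch).
# Versions before 8.14 are not listed as affected.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((8, 14, 0), (17, 1, 7)),
    ((17, 2, 0), (17, 2, 5)),
    ((17, 3, 0), (17, 3, 2)),
]

# Accepts "17.3.1", "17.3.1-ee", "8.14" (patch defaults to 0); rejects garbage.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text: str) -> Optional[Version]:
    """Parse a GitLab version string into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range for CVE-2024-6678."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def minimum_fix_for(version: str) -> Optional[str]:
    """Return the first fixed release on the matching branch, or None if not affected.

    Anything older than the 17.2 branch maps to 17.1.7, because that is the
    earliest release the advisory lists as fixed for that range.
    """
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return "%d.%d.%d" % hi
    return None


def triage(version_payload: Dict[str, str]) -> Dict[str, object]:
    """Evaluate the JSON body of GET /api/v4/version.

    Assumed payload shape (matches the documented endpoint): {"version": "...", "revision": "..."}.
    """
    running = version_payload["version"]
    fix = minimum_fix_for(running)
    return {
        "version": running,
        "affected": fix is not None,
        "upgrade_to": fix,
    }


if __name__ == "__main__":
    # Constructed sample payloads, not output from a real instance.
    samples = [
        {"version": "17.3.1-ee", "revision": "deadbeef"},
        {"version": "17.2.5-ee", "revision": "deadbeef"},
        {"version": "16.11.2", "revision": "deadbeef"},
        {"version": "8.13.9", "revision": "deadbeef"},
    ]
    for payload in samples:
        result = triage(payload)
        status = f"affected, upgrade to {result['upgrade_to']}" if result["affected"] else "not affected"
        print(f"{result['version']:<12} {status}")
```

Run the script as-is to see the constructed samples classified; to check a live instance, feed the parsed JSON of `GET /api/v4/version` (which requires an authenticated token) into `triage()`.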
CVE-2024-6678 is the fourth flaw of this kind, one that lets pipelines be run as an arbitrary user, that GitLab has patched in the past year.
Although no active exploitation of these vulnerabilities has been reported, users should apply the patches promptly: a pipeline job that runs as another user executes with that user's project permissions and can reach the secrets exposed to their pipelines.
Earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation in the wild of a critical GitLab vulnerability (CVE-2023-7028, CVSS score: 10.0), an account-takeover bug that allowed password reset emails to be sent to an unverified email address.