GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

After checking the pipeline file into the application's repository, the job moves into the queue. As soon as a GitLab runner is available, the defined steps run sequentially.

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln. The bug (CVE-2024-6385) is similar — but not ...

GitLab addressed arbitrary pipeline execution vulnerabilities multiple times this year, including CVE-2024-6678 last month, CVE-2024-6385 in July, and CVE-2024-5655 in June, all rated critical.

A critical GitLab vulnerability could allow an attacker to run a pipeline as another user. GitLab is a popular Git repository, second only to GitHub, with millions of active users. This week, it ...

GitLab integration allows embedded software teams to identify security issues found by the LDRA tool suite without having to leave their familiar cloud-native automation pipeline. As part of a ...