News

GitLab has released critical updates to address multiple vulnerabilities, the most severe of which (CVE-2024-6678) allows an attacker to trigger pipelines as arbitrary users under certain conditions.
GitLab addressed arbitrary pipeline execution vulnerabilities multiple times this year, including CVE-2024-6678 last month, CVE-2024-6385 in July, and CVE-2024-5655 in June, all rated critical.
As GitLab describes it: "At its most basic level, a pipeline gets code from point A to point B. The quicker and more efficient the pipeline is, the better it will accomplish this task." ...
GitLab has upgraded its Community and Enterprise editions to fix a critical vulnerability that allowed malicious actors to run pipeline jobs as any other platform user. In its patch release notes ...
A critical GitLab vulnerability could allow an attacker to run a pipeline as another user. GitLab is a popular Git repository, second only to GitHub, with millions of active users. This week, it ...