Critical Vulnerability in GitLab Community and Enterprise Editions
16 September 2024
GitLab has released security updates to address a critical vulnerability (CVE-2024-6678) affecting its Community Edition (CE) and Enterprise Edition (EE). This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.9 out of 10.
Successful exploitation of the arbitrary pipeline execution vulnerability allows an attacker to trigger a pipeline for environment stop actions as an arbitrary user under certain conditions. GitLab pipelines are designed to streamline the software development process by automating repetitive tasks and ensuring that changes to the codebase are tested and deployed consistently.
The vulnerability affects the following product versions:
- CE/EE version 8.14 to 17.1.7
- CE/EE version 17.2 to 17.2.5
- CE/EE version 17.3 to 17.3.2
Users and administrators of affected product versions are advised to update to the latest version immediately.
More information is available here: