Critical Vulnerability in GitLab Community Edition and Enterprise Edition
20 September 2024
GitLab has released security updates to address a critical vulnerability (CVE-2024-45409) affecting self-managed installations of GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful exploitation of this input validation vulnerability could allow an attacker who sends a specially crafted SAML response to bypass Security Assertion Markup Language (SAML) authentication and gain access to a GitLab instance.
The vulnerability affects the following product versions:
• GitLab CE/EE version 16.11.10 and prior
• GitLab CE/EE version 17.0.8, 17.1.8, 17.2.7, 17.3.3 and prior
Users and administrators of affected product versions are advised to update to the latest version immediately.
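The following script is an added example, not part of this advisory or of GitLab's own tooling. It encodes the affected-version boundaries exactly as the advisory words them ("16.11.10 and prior" and "17.0.8, 17.1.8, 17.2.7, 17.3.3 and prior", treated as inclusive upper bounds per minor line) and reports whether a given GitLab version string falls inside those ranges. The sample version strings at the bottom are constructed for illustration. Before acting on the result, reconcile the boundaries with the GitLab release post linked below, which is the authoritative list of patched versions.

```python
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Highest version of each minor line that the advisory lists as affected.
# These values are copied from the advisory text as written.
AFFECTED_CEILINGS: Dict[Tuple[int, int], Version] = {
    (16, 11): (16, 11, 10),
    (17, 0): (17, 0, 8),
    (17, 1): (17, 1, 8),
    (17, 2): (17, 2, 7),
    (17, 3): (17, 3, 3),
}

# Everything older than the 16.11 line is covered by "16.11.10 and prior".
OLDEST_LISTED_LINE = (16, 11)


def parse_version(text: str) -> Version:
    """Parse a GitLab version string such as '17.2.5-ee' into (major, minor, patch).

    The edition suffix (-ce / -ee) and any trailing build metadata are ignored;
    anything that is not three dotted integers is rejected rather than guessed.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_affected(version_text: str) -> bool:
    """Return True if the version lies inside the advisory's affected ranges."""
    version = parse_version(version_text)
    line = (version[0], version[1])

    # Explicitly listed minor lines: affected up to and including the ceiling.
    if line in AFFECTED_CEILINGS:
        return version <= AFFECTED_CEILINGS[line]

    # Older minor lines are all "prior" to 16.11.10.
    if line < OLDEST_LISTED_LINE:
        return True

    # Minor lines newer than any listed (e.g. 17.4+) are outside the advisory's ranges.
    return False


def classify(versions: Tuple[str, ...]) -> Dict[str, bool]:
    """Evaluate several version strings at once; useful when checking a fleet."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real instance.
    samples = ("16.9.2-ee", "16.11.10-ce", "17.0.9-ee", "17.2.7-ee", "17.3.3-ee", "17.4.0-ee")
    for version_text, affected in classify(samples).items():
        status = "AFFECTED - update immediately" if affected else "outside listed ranges"
        print(f"{version_text:14} {status}")
```

The version string for a self-managed instance is shown in the Admin Area and is also returned by the authenticated `GET /api/v4/version` endpoint, so the check can be run against each instance in an estate without logging into the host.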
More information is available here:
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/