Wednesday , October 16 2024
Gitlab

CVE-2024-9164: GitLab Users Urged to Update Now

infosecbulletin 6 days ago Vulnerabilities

GitLab, a premier platform for DevOps and continuous integration/continuous delivery has rolled out essential security updates in versions 17.4.2, 17.3.5 and 17.2.9 for both community Edition (CE) and enterprises edition (EE). These updates tackles several important vulnerabilities, notably a critical severity flaw (CVE: 2024-9164) that could enable attackers to execute pipelines on arbitrary branches, posing a significant security threat to impacted instances.

The critical vulnerability identified as CVE:2024-9164 impacts all versions of GitLab Enterprise Edition from 12.5 onward. This flaw enables malicious actors to execute pipeline across any branch, posing a significant risk of unauthenticated access to sensitive data and system. With a CVSS score of 9.6, this issue is recognized as highly severe.

Chrome 130 Launches with Patches for 17 Security Vulnerabilities

By infosecbulletin / Wednesday , October 16 2024
Google has released Chrome 130, fixing 17 security vulnerabilities. The update (version 130.0.6723.58/.59 for Windows and Mac, and 130.0.6723.58 for...
Read More
Chrome 130 Launches with Patches for 17 Security Vulnerabilities

Researchers Break RSA Encryption with Quantum Computing

By infosecbulletin / Wednesday , October 16 2024
Chinese researchers, led by Wang Chao from Shanghai University, have cracked RSA encryption using quantum computers. This achievement raises serious...
Read More
Researchers Break RSA Encryption with Quantum Computing

Shadowserver's data
87000+ Fortinet devices still open to attack?

By infosecbulletin / Tuesday , October 15 2024
On Sunday, the Shadowserver Foundation revealed that over 87,000 internet-facing Fortinet devices may still be at risk due to (CVE-2024-23113)...
Read More
Shadowserver's data 87000+ Fortinet devices still open to attack?

Gmail Scam Alert
Billions of Gmail users at risk from sophisticated new AI hack

By infosecbulletin / Monday , October 14 2024
A new sophisticated scam is targeting Gmail users, using artificial intelligence to manipulate them into giving away account access. This...
Read More
Gmail Scam Alert Billions of Gmail users at risk from sophisticated new AI hack

RansomHub Targets Bangladeshi Confidence Group

By infosecbulletin / Monday , October 14 2024
RansomHub targets Bangladeshi Confidence group of companies limited. The rapidly growing RansomHub ransomware group set time to release the data....
Read More
RansomHub Targets Bangladeshi Confidence Group

Hackers using ChatGPT create malware, OpenAI confirm

By infosecbulletin / Sunday , October 13 2024
OpenAI has neutralized over 20 malicious cyber operations using its AI chatbot, ChatGPT, for creating malware, spreading misinformation, avoiding detection,...
Read More
Hackers using ChatGPT create malware, OpenAI confirm

TrackMan exposes nearly 32 Million Records

By infosecbulletin / Saturday , October 12 2024
Nearly 32 million records and about 110 TB of data from Trackman users were left exposed online. This database included...
Read More
TrackMan exposes nearly 32 Million Records

CISA WARNS
CISA Warns of F5 BIG-IP Cookie Exploitation for Network Reconnaissance

By infosecbulletin / Friday , October 11 2024
CISA has issued a warning about a vulnerability in unencrypted persistent cookies in the F5 BIG-IP Local Traffic Manager (LTM)...
Read More
CISA WARNS CISA Warns of F5 BIG-IP Cookie Exploitation for Network Reconnaissance

CVE-2024-9164: GitLab Users Urged to Update Now

By infosecbulletin / Friday , October 11 2024
GitLab, a premier platform for DevOps and continuous integration/continuous delivery has rolled out essential security updates in versions 17.4.2, 17.3.5...
Read More
CVE-2024-9164: GitLab Users Urged to Update Now

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches

By infosecbulletin / Thursday , October 10 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its...
Read More
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches

Other significant vulnerabilities addressed in this update include:

CVE-2024-8970: Let attackers pretend to be other users in certain situations, which could result in unauthorized actions and data leaks.

CVE-2024-8977: A security flaw that allows attacker to access internal resources and services through the Analytins Dashboard.

CVE-2024-9631: Checking code changes in merge requests with conflicts can be slow, causing a denial of services (DoS) condition.

CVE-2024-6530: A vulnerability that lets attackers run harmful scripts and steal user information.

GitLab has fixed vulnerabilities in versions 17.4.2, 17.3.5 and 17.2.9 for both Community and Enterprise Editions. Users should upgrade to one of these versions right away.

Related topics

Lumma C2 malware attack Bangladeshi several websites

Bangladeshi 32.4% government websites face cyber attack: NAS report

Check Also

paloalto

Palo Alto Networks issues fix for security flaws, Including CVE-2024-9463

Palo Alto Networks released a security advisory (PAN-SA-2024-0010) about several high-severity vulnerabilities in its Expedition …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin