GitLab, a premier platform for DevOps and continuous integration/continuous delivery, has rolled out essential security updates in versions 17.4.2, 17.3.5 and 17.2.9 for both Community Edition (CE) and Enterprise Edition (EE). These updates tackle several important vulnerabilities, notably a critical-severity flaw (CVE-2024-9164) that could enable attackers to execute pipelines on arbitrary branches, posing a significant security threat to impacted instances.
The critical vulnerability, identified as CVE-2024-9164, impacts all versions of GitLab Enterprise Edition from 12.5 onward. This flaw enables malicious actors to execute pipelines on any branch, posing a significant risk of unauthenticated access to sensitive data and systems. With a CVSS score of 9.6, this issue is recognized as highly severe.
Other significant vulnerabilities addressed in this update include:
CVE-2024-8970: Lets attackers impersonate other users in certain situations, which could result in unauthorized actions and data leaks.
CVE-2024-8977: A security flaw that allows attackers to access internal resources and services through the Analytics Dashboard.
CVE-2024-9631: Checking code changes in merge requests with conflicts can be slow, causing a denial-of-service (DoS) condition.
CVE-2024-6530: A vulnerability that lets attackers run harmful scripts and steal user information.
GitLab has fixed vulnerabilities in versions 17.4.2, 17.3.5 and 17.2.9 for both Community and Enterprise Editions. Users should upgrade to one of these versions right away.
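To act on the upgrade advice across more than one instance, the following added example (not GitLab's code and not part of the original article) triages an inventory of version strings against the fixed releases and the 12.5 starting point given above. The host names, the sample versions, the `-ee`/`-ce` suffix convention and the treatment of branches newer than 17.4 as patched are assumptions.

```python
import re

# From the article: CVE-2024-9164 affects GitLab EE from 12.5 onward and is
# fixed in 17.4.2, 17.3.5 and 17.2.9.
FIRST_AFFECTED = (12, 5, 0)
FIXED_PATCH = {(17, 4): 2, (17, 3): 5, (17, 2): 9}
NEWEST_FIXED_BRANCH = max(FIXED_PATCH)
# Assumption: versions look like "17.4.1-ee" / "17.2.8-ce"; suffix optional.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(ee|ce))?$")

def parse_version(text):
    """Return ((major, minor, patch), edition or None); raise ValueError if malformed."""
    m = VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(n) for n in m.group(1, 2, 3)), m.group(4)

def triage(text):
    """Classify one version string against the article's fixed releases."""
    try:
        version, edition = parse_version(text)
    except ValueError:
        return "unknown"  # never report an unparsable version as safe
    if version < FIRST_AFFECTED:
        return "outside-range"  # below 12.5, the stated start for CVE-2024-9164
    branch = version[:2]
    if branch > NEWEST_FIXED_BRANCH:
        return "patched"  # assumption: branches after 17.4 carry the fixes
    fixed = FIXED_PATCH.get(branch)
    if fixed is not None and version[2] >= fixed:
        return "patched"
    # Below the fixed patch level, or on a branch with no fixed release listed.
    if edition == "ee":
        return "vulnerable-cve-2024-9164"
    if edition == "ce":
        return "upgrade-needed"  # outside the EE-only CVE, but lacks the other fixes
    return "vulnerable-edition-unknown"  # no suffix: treat conservatively

# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = {"git-prod": "17.4.1-ee", "git-dev": "17.3.5-ee", "git-old": "16.11.10-ee",
             "git-ce": "17.2.8-ce", "git-lab": "17.3.4", "git-bad": "latest"}

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {INVENTORY[host]:12} {status}")
```

Instances on a branch older than 17.2 have no fixed release listed in the article, so the script flags them rather than looking for a patch level on that branch.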