GitLab has released a critical security update for several versions of its platform, including versions 17.6.2, 17.5.4, and 17.4.6 for both Community and Enterprise Editions. This update fixes vulnerabilities that could result in account takeovers, denial of service attacks, and data leaks.
CVE-2024-11274 (CVSS 8.7) is a critical vulnerability that permits the injection of Network Error Logging (NEL) headers in Kubernetes proxy responses, risking user session data exfiltration. This could allow attackers to steal session data and access accounts without permission.
By infosecbulletin
/ Wednesday , September 17 2025
A threat actor claims to have breached Link3, a major IT solutions and internet service provider based in Bangladesh. The...
Read More
By infosecbulletin
/ Wednesday , September 17 2025
Check point, a cyber security solutions provider hosts an event titled "securing the hyperconnected world in the AI era" at...
Read More
By infosecbulletin
/ Tuesday , September 16 2025
Cross-Site Scripting (XSS) is one of the oldest and most persistent vulnerabilities in modern applications. Despite being recognized for over...
Read More
By infosecbulletin
/ Monday , September 15 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
By infosecbulletin
/ Monday , September 15 2025
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users...
Read More
By infosecbulletin
/ Monday , September 15 2025
Australian banks are now using bots to combat scammers. These bots mimic potential victims to gather real-time information and drain...
Read More
By infosecbulletin
/ Saturday , September 13 2025
F5 plans to acquire CalypsoAI, which offers adaptive AI security solutions. CalypsoAI's technology will be added to F5's Application Delivery...
Read More
By infosecbulletin
/ Saturday , September 13 2025
The Villager framework, an AI-powered penetration testing tool, integrates Kali Linux tools with DeepSeek AI to automate cyber attack processes....
Read More
By infosecbulletin
/ Saturday , September 13 2025
Samsung released its monthly Android security updates, addressing a vulnerability exploited in zero-day attacks. CVE-2025-21043 (CVSS score: 8.8) is a...
Read More
By infosecbulletin
/ Saturday , September 13 2025
Albania has appointed the first AI-generated government minister to help eliminate corruption. Diella, the digital assistant meaning Sun, has been...
Read More
CVE-2024-8233 (CVSS 7.5) allows attackers to perform denial of service attacks by repeatedly sending unauthenticated requests for diff-files. All GitLab versions from 9.4 are affected, making it urgent for users to update.
The update also addresses several medium and low-severity vulnerabilities, including:
CI_JOB_TOKEN Exploitation:
Attackers could potentially use stolen CI_JOB_TOKENs to gain access to user sessions.
Open Redirects and Path Traversal:
These vulnerabilities can be used for phishing and data leaks.
Cross-Site Scripting (XSS) and HTML Injection:
Improper output encoding and other vulnerabilities can allow XSS attacks if Content Security Policy (CSP) is not enabled.
Information Leaks:
Unauthorized users could access sensitive information, like project names and incident details.
GitLab urges all users to update to the latest versions immediately to address security risks. The company thanks security researchers for reporting these vulnerabilities through its HackerOne bug bounty program.