CVE-2024-11274
GitLab Patch Release for CE and EE

GitLab has released a critical security update for several versions of its platform, including versions 17.6.2, 17.5.4, and 17.4.6 for both Community and Enterprise Editions. This update fixes vulnerabilities that could result in account takeovers, denial of service attacks, and data leaks.

CVE-2024-11274 (CVSS 8.7) is a critical vulnerability that permits the injection of Network Error Logging (NEL) headers in Kubernetes proxy responses, risking user session data exfiltration. This could allow attackers to steal session data and access accounts without permission.

• Event

CYDES 2025 Reinforces Malaysia’s Vision of Secure and Trusted Digital Nation

By F2 / Thursday , July 3 2025

The final day of the Cyber Defence & Security Exhibition and Conference (CYDES) 2025 concluded with high-impact engagements at the...

Read More

• Alert
• Vulnerabilities

Cisco alerts that Unified CM has hardcoded root SSH credentials

By F2 / Thursday , July 3 2025

Cisco warns that a vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition...

Read More

• Event
• International

CYDES 2025
MCSS to implement 6 strategic goals with 7 objectives over 6 year: NACSA Chief

By F2 / Wednesday , July 2 2025

The second day of the Cyber Defence & Security Exhibition and Conference (CYDES) 2025 further cemented Malaysia’s position as a...

Read More

• International

CYDES 2025
Malaysia placed cybersecurity heart of the regional agenda: DPM Ahmad Zahid

By F2 / Tuesday , July 1 2025

Malaysia's Deputy Prime Minister Datuk Seri Dr. Ahmad Zahid Hamidi said that Malaysia has placed cybersecurity at the heart of...

Read More

• International

Amid Meta moves; OpenAI is largely shutting down next week: Wired

By F2 / Tuesday , July 1 2025

Mark Chen, the chief research officer at OpenAI, sent a forceful memo to staff on Saturday, promising to go head-to-head...

Read More

• Alert
• Hot Topic

Canada orders Hikvision to close operations over national security

By F2 / Tuesday , July 1 2025

The Canadian government ordered Hikvision to stop all operations in the country due to national security concerns. Hikvision, based in...

Read More

• International

First couple “Rosie” to conceive using AI tech “STAR” successfully

By infosecbulletin / Sunday , June 29 2025

Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...

Read More

• Alert
• Cyber Attack

Scattered Spider Actively Attacking Aviation and Transportation: FBI

By infosecbulletin / Saturday , June 28 2025

Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...

Read More

• Alert
• Hot Topic
• International

Russia’s restrictions on Cloudflare making websites inaccessible

By F2 / Saturday , June 28 2025

Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...

Read More

• Cyber Attack
• Data Breach

61 million Verizon records allegedly posted online for sale

By infosecbulletin / Saturday , June 28 2025

A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...

Read More

CVE-2024-8233 (CVSS 7.5) allows attackers to perform denial of service attacks by repeatedly sending unauthenticated requests for diff-files. All GitLab versions from 9.4 are affected, making it urgent for users to update.

The update also addresses several medium and low-severity vulnerabilities, including:

CI_JOB_TOKEN Exploitation:
Attackers could potentially use stolen CI_JOB_TOKENs to gain access to user sessions.

Open Redirects and Path Traversal:
These vulnerabilities can be used for phishing and data leaks.

Cross-Site Scripting (XSS) and HTML Injection:
Improper output encoding and other vulnerabilities can allow XSS attacks if Content Security Policy (CSP) is not enabled.

Information Leaks:
Unauthorized users could access sensitive information, like project names and incident details.

GitLab urges all users to update to the latest versions immediately to address security risks. The company thanks security researchers for reporting these vulnerabilities through its HackerOne bug bounty program.