InfoSecBulletin Cybersecurity for mankind
GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition (CE) and Enterprise Edition (EE) have been released to address these issues.
The CVE-2025-0314 allows attackers to inject malicious scripts into GitLab instances via “improper rendering of certain file types” leading to attackers hijacking user sessions, stealing sensitive data, or taking control of affected systems.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
GitLab said, “An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.”
This vulnerability has a CVSS score of 8.7, indicating a high severity threat.
Other vulnerabilities addressed in this release include:
CVE-2024-11931: A medium severity flaw (CVSS score 6.4) that could allow developers to “exfiltrate protected CI/CD variables via CI lint.”
CVE-2024-6324: A medium severity denial-of-service (DoS) vulnerability (CVSS score 4.3) related to “cyclic reference of epics.”
GitLab strongly urges all users to update their installations immediately. “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.”
Cisco Fixes Meeting Management Allowing Privilege Escalation
