GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition (CE) and Enterprise Edition (EE) have been released to address these issues.
The CVE-2025-0314 allows attackers to inject malicious scripts into GitLab instances via โimproper rendering of certain file typesโ leading to attackers hijacking user sessions, stealing sensitive data, or taking control of affected systems.
By infosecbulletin
/ Wednesday , April 23 2025
Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC)...
Read More
By infosecbulletin
/ Tuesday , April 22 2025
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their...
Read More
By infosecbulletin
/ Tuesday , April 22 2025
SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL...
Read More
By infosecbulletin
/ Tuesday , April 22 2025
Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo...
Read More
By infosecbulletin
/ Monday , April 21 2025
ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom's remote control feature to access victims'...
Read More
By infosecbulletin
/ Monday , April 21 2025
๐๐ก๐ ๐๐ฒ๐๐๐ซ ๐๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ ๐๐ฅ๐ฎ๐ of University of Asia Pacific (UAP) is going to arrange โ๐๐๐ ๐๐๐๐๐ ๐๐๐๐๐ ๐๐๐๐โ ๐๐๐ฉ๐ญ๐ฎ๐ซ๐ ๐๐ก๐...
Read More
By infosecbulletin
/ Sunday , April 20 2025
You copy a password from your manager, thinking it's safe. Meanwhile, your phone is saving it in plain text. Samsung...
Read More
GitLab said, โAn issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.โ
This vulnerability has a CVSS score of 8.7, indicating a high severity threat.
Other vulnerabilities addressed in this release include:
CVE-2024-11931: A medium severity flaw (CVSS score 6.4) that could allow developers to โexfiltrate protected CI/CD variables via CI lint.โ
CVE-2024-6324: A medium severity denial-of-service (DoS) vulnerability (CVSS score 4.3) related to โcyclic reference of epics.โ
GitLab strongly urges all users to update their installations immediately. โWe strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.โ
Cisco Fixes Meeting Management Allowing Privilege Escalation