InfoSecBulletin Cybersecurity for mankind
GitLab released security updates on Wednesday to fix 17 vulnerabilities, including a critical issue that lets attackers run pipeline jobs as any user. CVE-2024-6678 is a critical vulnerability with a CVSS score of 9.9 out of 10.0
“An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances,” the company said in an alert.
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
The vulnerability, along with three high-severity, 11 medium-severity, and two low-severity bugs, has been fixed in GitLab CE and EE versions 17.3.2, 17.2.5, and 17.1.7.
CVE-2024-6678 is the fourth serious flaw GitLab has fixed in the past year, joining CVE-2023-5009, CVE-2024-5655, and CVE-2024-6385, all with a CVSS score of 9.6.
Users should apply the patches quickly to prevent potential threats, even though there is currently no evidence of active exploitation of the flaws.
In May, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that a critical GitLab vulnerability (CVE-2023-7028, CVSS score: 10.0) was being actively exploited.
