GitLab Flaw Allows Unauthorized Pipeline Work

GitLab has released patch releases for its platform: versions 17.1.1, 17.0.3, 16.11.5, 16.10.8, 16.9.9, 16.8.8, 16.7.8, and 16.6.8. These updates address a total of 14 vulnerabilities, including one critical vulnerability (CVE-2024-5655) that affects versions 15.8 and above. The critical flaw allows an attacker to execute jobs in the Pipeline Jobs feature under a different user's context, potentially granting access to internal repositories and private projects.
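To turn the list of fixed releases above into something an operator can run against a fleet inventory, here is a small version checker. It is an added example, not code from GitLab or from the original article; the fixed versions and the "15.8 and above" range are taken from the text, while the assumption that any release newer than 17.1.1 also carries the fix, the `-ee`/`-ce` suffix handling, and the sample inventory lines are constructed for illustration.

```python
"""Classify GitLab instances against the CVE-2024-5655 fixed releases.

Fixed releases (from the advisory summary): 17.1.1, 17.0.3, 16.11.5, 16.10.8,
16.9.9, 16.8.8, 16.7.8, 16.6.8. Affected range: 15.8 and above.
"""
from typing import Dict, List, Tuple

# Patch level at which each maintained branch received the fix (from the page).
FIXED_RELEASES: Dict[Tuple[int, int], int] = {
    (17, 1): 1, (17, 0): 3, (16, 11): 5, (16, 10): 8,
    (16, 9): 9, (16, 8): 8, (16, 7): 8, (16, 6): 8,
}
FIRST_AFFECTED = (15, 8)        # "present in versions 15.8 and above"
LATEST_FIXED = (17, 1, 1)       # newest fixed release in the list


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' optionally followed by '-ee'/'-ce' (assumed suffix form)."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version_text: str) -> str:
    """Return 'not_affected', 'patched' or 'vulnerable' for one version string."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not_affected"
    fixed_patch = FIXED_RELEASES.get(branch)
    if fixed_patch is None:
        # Assumption: anything newer than the newest fixed release already contains the fix.
        if (major, minor, patch) > LATEST_FIXED:
            return "patched"
        # Affected branch (15.8 .. 16.5) with no fixed release listed: must move to a fixed branch.
        return "vulnerable"
    return "patched" if patch >= fixed_patch else "vulnerable"


def triage(inventory: List[str]) -> List[Tuple[str, str, str]]:
    """Take 'hostname<space>version' lines and return (host, version, status) tuples."""
    results = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version = line.split()
        results.append((host, version, assess(version)))
    return results


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    "# host version",
    "git-prod-1 16.11.4-ee",
    "git-prod-2 16.11.5-ee",
    "git-legacy 16.5.2-ce",
    "git-old 15.7.0-ce",
    "git-new 17.2.0-ee",
]


def vulnerable_hosts(inventory: List[str]) -> List[str]:
    """Hosts that still need an upgrade."""
    return [host for host, _, status in triage(inventory) if status == "vulnerable"]


if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:12} {status}")
```

Hosts reported as `vulnerable` on a branch without a fixed release (15.8 through 16.5) cannot be patched in place and have to be moved to one of the listed fixed branches.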

The details of the vulnerability were reported to GitLab through its vulnerability disclosure program on HackerOne, with full information planned for disclosure 30 days after the release of the fix.

The updates also address three high-severity vulnerabilities, including a cross-site scripting (XSS) flaw that allows injection of attacker-controlled JavaScript.
