GitLab Releases Corrective Updates to Fix Critical Vulnerability
GitLab has published corrective updates for its collaborative development platform: GitLab 17.1.2, 17.0.4, and 16.11.6. These updates fix a total of 6 vulnerabilities, one of which (CVE-2024-6385) is classified as critical.
The critical vulnerability, similar to one that was fixed last month, allows attackers to run jobs in the continuous integration pipeline as an arbitrary user. Exploiting this vulnerability could grant the attacker access to the internal repositories and private projects of the targeted user.
The vulnerability was reported to GitLab through its bug bounty program. GitLab plans to release detailed information about the vulnerability 30 days after the publication of the fix.