Pipeline Hijacking: GitLab’s Security Wake-Up Call

A major vulnerability exists in some versions of GitLab Community and Enterprise Edition products, which might be exploited to run pipelines as any user.

GitLab is a prominent web-based, open-source software project management and task tracking tool, with an estimated one million active licensed users.

Understanding the Critical GitLab Vulnerability: CVE-2024-5655

The security problem resolved in the most recent update is tracked as CVE-2024-5655 and carries a severity score of 9.6 out of 10. Under certain conditions, which the vendor did not specify, an attacker could exploit it to execute a pipeline as another user.

GitLab pipelines are a component of the Continuous Integration/Continuous Deployment (CI/CD) system that allows users to build, test, and deploy code changes by running processes and tasks automatically, either in parallel or sequentially.

The vulnerability affects all GitLab CE/EE versions in the following ranges: 15.8 through 16.11.4, 17.0.0 through 17.0.2, and 17.1.0.

GitLab has resolved the vulnerability in versions 17.1.1, 17.0.3, and 16.11.5, and users are urged to install the patched releases as soon as possible.
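The quickest defensive check is to compare a running instance's version against the affected and fixed ranges listed above. The following is an added example, not code from the article or from GitLab: `GET /api/v4/version` and the `PRIVATE-TOKEN` header are GitLab's real API, while the base URL and token passed to `check_instance` are assumed placeholders.

```python
import json
import re
from urllib.request import Request, urlopen

# Affected ranges as stated in the article, expressed as
# [first affected version, first fixed version).
AFFECTED_RANGES = [
    ((15, 8, 0), (16, 11, 5)),
    ((17, 0, 0), (17, 0, 3)),
    ((17, 1, 0), (17, 1, 1)),
]


def parse_version(text):
    """Turn '17.0.2-ee', 'v16.11.4' or '16.11' into a (major, minor, patch)
    tuple. Edition and pre-release suffixes are ignored for range checks."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True if the version falls inside any range vulnerable to CVE-2024-5655."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version_text):
    """Return the first patched release for an affected version, else None."""
    v = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(map(str, hi))
    return None


def check_instance(base_url, token):
    """Query a GitLab instance for its version (token needs read_api scope)
    and report whether CVE-2024-5655 applies. Performs a network request;
    base_url and token are placeholders supplied by the caller."""
    req = Request(f"{base_url.rstrip('/')}/api/v4/version",
                  headers={"PRIVATE-TOKEN": token})
    with urlopen(req, timeout=10) as resp:
        version = json.load(resp)["version"]
    return version, is_affected(version), fixed_version_for(version)


if __name__ == "__main__":
    # Constructed sample versions; no instance is contacted here.
    for sample in ("16.11.4", "16.11.5", "17.0.2-ee", "17.1.0", "17.1.1"):
        print(sample, "affected" if is_affected(sample) else "not affected")
```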

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents