PTA Issued Warning Against Security Breaches in GitLab

By Ayesha Anwar

A cybersecurity advisory released by the PTA warns developers and organizations about multiple high-risk security vulnerabilities in GitLab Enterprise Edition (EE) and Community Edition (CE). According to the statement, these vulnerabilities present a serious threat to information security. They affect a wide range of GitLab versions, from 8.0 up to those published prior to 17.4.2.

According to the PTA statement, GitLab products have two critical bugs: CVE-2023-3441 and CVE-2024-5005. CVE-2023-3441 might increase the possibility of unauthorized changes to major project code by allowing users to merge into protected branches without sufficient security warning. CVE-2024-5005 allows remote authenticated attackers to exploit GitLab to reveal confidential project data, including templates.

The GitLab vulnerabilities have been categorized as “high severity” and fall under the information exposure risk category. Cybersecurity experts advise that they can be used to compromise a company's information, primarily in settings where GitLab is used for version control and software development. The vulnerabilities are easy to exploit: attackers could gain access to protected project data without permission, which can put critical operations and intellectual property in danger.

The PTA strongly urges all GitLab users to upgrade right away to the latest versions posted on the official GitLab website. Patches for the flaws that were found, including version 17.4.2, were made available on October 9, 2024. These fix both CVEs. If the upgrades are not installed, systems can become vulnerable to being hacked and to illegal data access.

The PTA asserts that maintaining strong cybersecurity defenses requires prompt installation of security patches and routine system updates. To stop attackers from taking advantage of known vulnerabilities, organizations that use GitLab are advised to examine their present installations, apply the suggested updates, and implement proactive security procedures.
