DevSecOps platform Gitlab: Account takeover possible

Security updates for Gitlab prevent unauthorized access and DoS attacks, among other things.


For security reasons, admins should update their Gitlab installation to the latest version. Otherwise, attackers can exploit several vulnerabilities and compromise systems.

In a post, the developers write that the patched versions are already deployed on Gitlab.com. For self-managed Gitlab installations, versions 17.4.6, 17.5.4 and 17.6.2 have now been released for both the Community Edition and the Enterprise Edition; any earlier patch level within the 17.4, 17.5 or 17.6 series is still affected.
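The following is an added example, not code from heise or from the Gitlab project: a small check that takes a self-managed instance's version string and reports whether it is at or above the fixed release for its minor series. It assumes the version string comes from the instance's VERSION file, from the `Version:` line of `gitlab-rake gitlab:env:info`, or from the `version` field returned by `GET /api/v4/version`; the sample input at the bottom is constructed. Treating minor series above 17.6 as already containing the fixes is an assumption stated in the code, since the article only names the three backported releases.

```python
"""Check a self-managed Gitlab version against the fixed releases named in the advisory."""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory: 17.4.6, 17.5.4 and 17.6.2.
# Any lower patch level in the same minor series still carries the bugs.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (17, 4): (17, 4, 6),
    (17, 5): (17, 5, 4),
    (17, 6): (17, 6, 2),
}


def fmt(v: Version) -> str:
    """Render a version tuple as x.y.z."""
    return ".".join(str(x) for x in v)


def parse_version(text: str) -> Version:
    """Extract the first x.y.z triple from a version string.

    Accepts the raw VERSION file content, a line such as
    "Version:  17.5.3-ee" from `gitlab-rake gitlab:env:info`, or the
    "version" field of GET /api/v4/version (e.g. "17.5.3-ee").
    The edition suffix (-ee/-ce) is ignored; both editions got the fix.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Classify a Gitlab version as 'patched', 'vulnerable: ...' or 'newer: ...'."""
    v = parse_version(version_text)
    series = (v[0], v[1])
    if series in FIXED_RELEASES:
        fixed = FIXED_RELEASES[series]
        if v >= fixed:  # tuple comparison: same series, patch level at or above the fix
            return "patched"
        return f"vulnerable: {fmt(v)} is below {fmt(fixed)}, upgrade"
    if series < min(FIXED_RELEASES):
        # Series older than 17.4 received no backport in this release set.
        # Assumption: the practical remedy is moving to a fixed series or later.
        lowest_fixed = min(FIXED_RELEASES.values())
        return (f"vulnerable: series {series[0]}.{series[1]} has no fixed release, "
                f"upgrade to {fmt(lowest_fixed)} or later")
    # Assumption: minor series after 17.6 were cut after the fixes landed.
    return "newer: released after the advisory, assumed to include the fixes"


if __name__ == "__main__":
    # Constructed sample, shaped like `gitlab-rake gitlab:env:info` output.
    sample = "GitLab information\nVersion:\t17.5.3-ee\nRevision:\tabc123\n"
    print(assess(sample))
```

Run it against the real version string of each self-managed instance; anything reported as "vulnerable" should be scheduled for upgrade to the release it names.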

The developers have closed a total of twelve security vulnerabilities. Two of these are rated "high" severity (CVE-2024-11274, CVE-2024-8233). In the first case, attackers can take over accounts by manipulating Kubernetes proxy responses. In the second case, denial-of-service attacks are possible.

The remaining vulnerabilities are rated "medium" and "low". Among them is CVE-2024-10043, which allows unauthorized access to information that should be protected. The developers recommend updating promptly. So far there are no reports of attacks in the wild.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.