GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user.
Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.
"An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to
https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html