GitLab Multiple Vulnerabilities
Release Date: 14 Oct 2024
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
Impact
- Remote Code Execution
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
- Spoofing
- Cross-Site Scripting
System / Technologies affected
- GitLab Community Edition (CE) versions prior to 17.4.2, 17.3.5, 17.2.9
- GitLab Enterprise Edition (EE) versions prior to 17.4.2, 17.3.5, 17.2.9
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Vulnerability Identifier
- CVE-2024-5005
- CVE-2024-6530
- CVE-2024-8970
- CVE-2024-8977
- CVE-2024-9164
- CVE-2024-9596
- CVE-2024-9623
- CVE-2024-9631
沒有留言:
發佈留言