Unauthorized Pipeline Jobs Flaw Patched By GitLab - #CVE-2024-6385
GitLab has recently patched several critical and high-severity vulnerabilities in its Community and Enterprise Editions, including CVE-2024-6385, a flaw that could allow an attacker to trigger pipeline jobs as any user. This severe vulnerability, rated CVSS 9.6, posed significant risks of unauthorized access, data breaches, and supply chain attacks. Other patched issues included flaws related to group namespace URLs, deploy tokens, NPM package uploads, user bans, and subdomain takeovers. Prompt updating is strongly recommended to mitigate these threats. The patches follow recent advisories from CISA and the FBI highlighting OS command injection vulnerabilities.