Irish Information Security Forum

GitLab Critical Security Release

Source: GitLab Security Releases
Release Date: 11th January 2024

GitLab has issued a critical security release addressing the vulnerability identified as CVE-2023-5009. This vulnerability, with a CVSS score of 9.6, poses a significant risk. It affects versions of GitLab Enterprise Edition (EE) before 16.2.7 and versions of GitLab Community Edition (CE) before 16.3.4.

GitLab has released fixes for the security vulnerabilities detailed in this security release. For more information, see GitLab's security FAQ. Note that the issues detailing each vulnerability are made public on GitLab's issue tracker 30 days after the release in which they were patched.

Recommended Action

GitLab strongly recommends that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.

When no specific deployment type (Omnibus, source code, Helm chart, etc.) of a product is mentioned, all deployment types are affected.
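
To turn the version ranges above into a concrete pre-upgrade check, the following script (an added example, not GitLab's or IISF's own code) compares an instance's reported version against the fixed versions the advisory names. It assumes the thresholds stated above (16.2.7 for EE, 16.3.4 for CE), assumes that GitLab's authenticated GET /api/v4/version endpoint returns a JSON body whose "version" field carries an "-ee" suffix on Enterprise Edition and no suffix on Community Edition, and uses constructed sample responses so it runs offline; fetch_version only talks to the network when you pass it a real base URL and token. The FIXED_VERSIONS table is the only thing to change to reuse the check for a different advisory.

```python
"""Pre-upgrade check: is this GitLab version below the advisory's fixed version?

Added example, not code from GitLab or the IISF page. Thresholds below are the
ones stated in the advisory text; adjust FIXED_VERSIONS for other advisories.
"""
import json
import re
import urllib.request
from typing import Dict, Optional, Tuple

# First fixed version per edition, as stated in the advisory above (assumption:
# the advisory's "before X" wording means every earlier version is affected).
FIXED_VERSIONS: Dict[str, str] = {"ee": "16.2.7", "ce": "16.3.4"}

# Matches "16.7.2", "16.7.2-ee", "16.7.2-ce"; trailing build metadata is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(ee|ce))?", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], Optional[str]]:
    """Parse a GitLab version string into ((major, minor, patch), edition).

    Edition is 'ee', 'ce' or None when the string carries no suffix.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    edition = m.group(4).lower() if m.group(4) else None
    return nums, edition


def is_affected(version: str, edition: Optional[str] = None,
                fixed: Dict[str, str] = FIXED_VERSIONS) -> bool:
    """True when `version` is older than the fixed version for its edition.

    The edition comes from an explicit argument, else from the version suffix,
    else defaults to CE (assumption: GitLab CE reports no edition suffix).
    Tuple comparison gives correct ordering for 16.2.10 > 16.2.7.
    """
    nums, parsed_edition = parse_version(version)
    ed = (edition or parsed_edition or "ce").lower()
    if ed not in fixed:
        raise ValueError(f"no fixed version known for edition {ed!r}")
    fixed_nums, _ = parse_version(fixed[ed])
    return nums < fixed_nums


def assess(api_body: str) -> Dict[str, object]:
    """Evaluate the JSON body returned by GET /api/v4/version."""
    data = json.loads(api_body)
    version = str(data["version"])
    _, parsed_edition = parse_version(version)
    edition = parsed_edition or "ce"
    return {
        "version": version,
        "edition": edition,
        "affected": is_affected(version, edition),
        "fixed_in": FIXED_VERSIONS[edition],
    }


def fetch_version(base_url: str, token: str, timeout: float = 10.0) -> str:
    """Fetch the raw JSON from a live instance (needs a personal access token)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample responses in the shape /api/v4/version returns; the
# revision values are placeholders, not real GitLab commits.
SAMPLE_RESPONSES: Dict[str, str] = {
    "vulnerable-ee": '{"version": "16.2.6-ee", "revision": "0000000"}',
    "fixed-ee": '{"version": "16.2.7-ee", "revision": "0000000"}',
    "vulnerable-ce": '{"version": "16.3.3", "revision": "0000000"}',
    "fixed-ce": '{"version": "16.3.4", "revision": "0000000"}',
    "old-series-ee": '{"version": "15.11.9-ee", "revision": "0000000"}',
}


if __name__ == "__main__":
    # Offline demonstration over the constructed samples; swap in
    # fetch_version("https://gitlab.example.com", "<token>") for a live check.
    for name, body in SAMPLE_RESPONSES.items():
        result = assess(body)
        verdict = "UPGRADE" if result["affected"] else "ok"
        print(f"{name:15} {result['version']:12} fixed in {result['fixed_in']}: {verdict}")
```

Run it with no arguments to see the verdict for each sample; for a live instance, replace the sample loop with a call to fetch_version and pass the body to assess. The check only answers "is this version below the advisory's threshold"; GitLab's recommendation to move to the latest release still stands, since the lower-severity fixes in the table below may have landed in later versions.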

Table of fixes

Title | Severity
Account takeover via password reset without user interaction | Critical
Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user | Critical
Bypass CODEOWNERS approval removal | High
Workspaces able to be created under different root namespace | Medium
Commit signature validation ignores headers after signature | Low
