GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security vulnerabilities, including a critical bug that could allow continuous integration and continuous delivery (CI/CD) pipelines to run on arbitrary branches.
Tracked as CVE-2024-9164, the vulnerability has a CVSS score of 9.6 out of 10.
“An issue has been discovered in GitLab EE that affects all versions from 12.5 to 17.2.9, from 17.3 to 17.3.5, and from 17.4 to 17.4.2, which allows pipelines to run on arbitrary branches,” GitLab said in the advisory.
Of the remaining seven issues, four are rated high, two medium, and one low in severity. The four high-severity flaws are:
- CVE-2024-8970 (CVSS score: 8.2), which allows an attacker to trigger a pipeline as another user under certain circumstances.
- CVE-2024-8977 (CVSS score: 8.2), which allows SSRF attacks on GitLab EE instances with the Product Analysis Panel configured and enabled.
- CVE-2024-9631 (CVSS score: 7.5), which causes slowness when viewing diffs of merge requests with conflicts.
- CVE-2024-6530 (CVSS score: 7.3), which allows HTML injection into the OAuth page when authorizing a new application, due to a cross-site scripting issue.
The advisory is the latest wrinkle in what appears to be a steady stream of pipeline-related vulnerabilities that have been disclosed by GitLab in recent months.
Last month, the company addressed another critical flaw (CVE-2024-6678, CVSS score: 9.9) that could allow an attacker to run pipeline jobs as an arbitrary user.
Prior to that, it also fixed three other similar flaws: CVE-2023-5009 (CVSS score: 9.6), CVE-2024-5655 (CVSS score: 9.6), and CVE-2024-6385 (CVSS score: 9.6).
Although there is no evidence of active exploitation of the vulnerability, users are advised to update their instances to the latest version to guard against potential threats.
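The advisory quotes three upper bounds (17.2.9, 17.3.5 and 17.4.2), one per supported minor line, which makes "is my instance affected?" a slightly awkward version comparison. The script below is an added example written for this article, not GitLab's own tooling; it assumes those three upper bounds are the patched releases (so a version is affected when it is at or above 12.5 and below the fix for its minor line, and any older minor line below 17.2 is affected as well), and it uses the standard `GET /api/v4/version` endpoint with a `PRIVATE-TOKEN` header to read the running version from a live instance. The inventory in the `__main__` block is constructed sample data.

```python
"""Triage a fleet of GitLab instances against the CVE-2024-9164 ranges.

Added example (not GitLab's code). Assumption: the advisory's upper bounds
17.2.9 / 17.3.5 / 17.4.2 are the patched releases for their minor lines.
"""
import json
import re
import urllib.request
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Affected range per the advisory: starts at 12.5, fixed in these releases.
FIRST_AFFECTED: Version = (12, 5, 0)
PATCHED = [(17, 2, 9), (17, 3, 5), (17, 4, 2)]

# GitLab reports versions like "17.3.4-ee"; the suffix is irrelevant here.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Turn '17.3.4', '17.3.4-ee' or '17.3' into a comparable tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version_text: str) -> bool:
    """True if the version lies inside any of the advisory's affected ranges."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return False
    if v >= max(PATCHED):
        return False  # at or beyond the newest fixed release
    for fixed in PATCHED:
        if v[:2] == fixed[:2]:
            # Same minor line as a fix: safe only at or above that fix.
            return v < fixed
    # Any other minor line below the newest fix never received a patch.
    return True


def fetch_version(base_url: str, token: str) -> str:
    """Read the running version from a live instance (requires an API token)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each instance name to 'AFFECTED' or 'ok' given its version string."""
    return {
        name: ("AFFECTED" if is_affected(ver) else "ok")
        for name, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; in practice populate it via fetch_version().
    sample = {
        "ci-prod": "17.4.1-ee",
        "ci-staging": "17.4.2-ee",
        "legacy": "16.11.2-ce",
        "ancient": "12.4.0-ce",
    }
    for name, status in triage(sample).items():
        print(f"{name:12s} {sample[name]:12s} {status}")
```

`triage()` is deliberately separate from `fetch_version()` so the comparison logic can be unit-tested offline; any pre-17.2 release at or above 12.5 is reported as affected, which matches the advisory's "from 12.5" lower bound.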