High Threat Security Alert (A24-01-27): Multiple Vulnerabilities in GitLab


 

Published on: 31 January 2024

  
  

Description:

GitLab has released 16.5.8, 16.6.6, 16.7.4 and 16.8.1 to address multiple vulnerabilities in various versions of GitLab.

Reports indicate that the tampering vulnerability (CVE-2024-0402) in GitLab Community Edition (CE) and Enterprise Edition (EE) is at a high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • GitLab Community Edition (CE) prior to versions 16.5.8, 16.6.6, 16.7.4 and 16.8.1
  • GitLab Enterprise Edition (EE) prior to versions 16.5.8, 16.6.6, 16.7.4 and 16.8.1

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure or tampering on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
  • https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20240131
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5612
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5933
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6159
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41056
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0402
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0456


Tag: GitLab
Tags