
GitLab releases security updates to fix information theft vulnerabilities and urges users to install them as soon as possible.

2025-01-22 Update. From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

CTOnews.com, September 20: GitLab recently released a security update that fixes a vulnerability rated "critical" and urges users to upgrade as soon as possible. The affected releases are GitLab Community Edition (CE) and Enterprise Edition (EE) versions from 13.12 up to, but not including, 16.2.7, and from 16.3 up to, but not including, 16.3.4.

The vulnerability was discovered by security researcher and bug hunter Johan Carlsson. It was originally tracked as CVE-2023-3932, a medium-severity vulnerability that was officially fixed in August.

However, researchers found a new way to bypass that protection and demonstrated additional impact. The bypass is tracked as CVE-2023-4998 and has a CVSS v3.1 score of 9.6 (out of 10; the higher the score, the more dangerous).

An attacker can, without the user's knowledge or permission, impersonate the user to run pipeline tasks (a series of automated tasks) and obtain sensitive information, or use the user's privileges to run code, modify data, or trigger specific events in the GitLab system.

GitLab Community Edition and Enterprise Edition versions 16.3.4 and 16.2.7 fix CVE-2023-4998, and GitLab urges users to upgrade as soon as possible.
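To check a set of instances against the version ranges given above, the following added example (not GitLab's code and not part of the original article) classifies version strings as affected or not. The host names and version strings in `SAMPLE` are constructed, and the suggested fixed release is simply the upper bound of the range the version falls in.

```python
import re

# Ranges as stated in the article: 13.12 up to (not including) 16.2.7,
# and 16.3 up to (not including) 16.3.4. Each entry is (first_affected, fixed).
AFFECTED = [((13, 12, 0), (16, 2, 7)), ((16, 3, 0), (16, 3, 4))]

# Accepts "16.3.1", "v16.3.1", "13.12", and suffixed forms such as "16.2.6-ee".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text):
    """Turn a GitLab version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def triage(text):
    """Return (status, fixed_release) for one version string."""
    version = parse_version(text)
    for first_affected, fixed in AFFECTED:
        if first_affected <= version < fixed:
            return "affected", ".".join(map(str, fixed))
    # Outside both ranges listed in the article.
    return "not affected", None


def triage_inventory(inventory):
    """Classify every host; unparseable versions are flagged, not skipped."""
    results = {}
    for host, version in inventory.items():
        try:
            results[host] = triage(version)
        except ValueError:
            results[host] = ("unknown", None)
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "git-a.example": "16.2.6-ee",
    "git-b.example": "16.3.4",
    "git-c.example": "13.11.9",
    "git-d.example": "latest",
}

if __name__ == "__main__":
    for host, (status, fixed) in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}" + (f", upgrade to {fixed} or later" if fixed else ""))
```

Hosts reported as `unknown` need a manual check, since a tag such as `latest` says nothing about the installed release.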

16.3.4

- Use new indexer, fix removing blobs from index
- Backport "Fix Geo secondary proxying Git pulls unnecessarily" to 16.3

16.2.7

- Revert "Merge branch 'md-play-all-skipped-button' into 'master'"

CTOnews.com note: GitLab is an open source version control and project management tool that comes in two editions: Community Edition and Enterprise Edition.

The Community Edition is free and can be deployed on your own server. It provides basic version control and project management functions, such as source code control, issue tracking, code review, and continuous integration and deployment.

The Enterprise Edition is free and needs to be deployed on the official GitLab server. It provides more advanced features than the community version, such as advanced security, easier management, internal code base, more management options, and reporting.
