Tag: GitLab

GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk

Critical flaw in GitLab allows workspace creation to overwrite files - amazing opportunity for hackers

In a new security update, GitLab has issued a patch for a critical vulnerability. This flaw could allow unauthorized users to overwrite files, potentially leading to data corruption or executing arbitrary code. This vulnerability impacts GitLab CE/EE across several versions. New GitLab Critical Vulnerability Discovered A critical vulnerability identified as CVE-2024-0402, rated as high as… Continue reading GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk

GitLab Zero-Click Account Hijack Vulnerability Revealed

GitHub developers release a fix to the critical account hijack vulnerability

On January 11, 2024, GitLab released an update with the official warning regarding the critical security violation fix. The vulnerability allows the user to send the account password reset form to an unverified email address, effectively granting a stranger access to the repository. Almost all 16.x versions of their software package is susceptible to the… Continue reading GitLab Zero-Click Account Hijack Vulnerability Revealed

GitLab Releases Patch to Critical Vulnerability

If you are using GitLab 16.0, you're exposed to an extremely severe vulnerability.

GitLab, one of the most famous code repositories in the world, faces critical security issues in the latest update. Aside from advanced functionality, the 16.0 patch brought an extremely severe vulnerability. Experts already gave it CVSS 10.0 mark – the highest possible. What is GitLab? GitLab is an open-source repository and collaborative software development platform.… Continue reading GitLab Releases Patch to Critical Vulnerability

GitLab checked its employees: on phishing got every fifth

Recently, the GitLab platform conducted a security audit, analyzing if working from home employees are resistant to phishing attacks. As it turned out, every fifth got on phishing in GitLab: 20% of employees agreed to enter their credentials on a fake login page. A training attack conducted by the GitLab Red Team simulated a real… Continue reading GitLab checked its employees: on phishing got every fifth

IS researcher discovered a critical vulnerability in GitLab

IS researcher William Bowling made $20,000 by discovering a critical vulnerability in GitLab. The bug allowed achieving the execution of arbitrary code or stealing confidential data from the server. Bowling exposed the vulnerability in March 2020. Then the expert noticed that an attacker could get arbitrary files from the server while moving the issue from… Continue reading IS researcher discovered a critical vulnerability in GitLab