GitLab has rolled out security updates to fix 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9, which allows attackers to execute pipeline jobs as arbitrary users. This issue affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions starting from 8.14 up to 17.3.1.
CVE-2024-6678 affects GitLab versions prior to 17.3.2, 17.2.5, and 17.1.7 and is rated a severe risk because, under specific circumstances, it lets an attacker trigger a pipeline as another user. GitLab urges users to apply the patches as soon as possible to mitigate the risk of exploitation.
Along with CVE-2024-6678, GitLab addressed three high-severity, 11 medium-severity, and two low-severity vulnerabilities in its latest updates. The security patches have been rolled out for versions 17.3.2, 17.2.5, and 17.1.7 for both the Community Edition (CE) and Enterprise Edition (EE) of GitLab.
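The practical question for an administrator is whether a given installation falls inside the affected range and which patched release to move to. The following script, added here as an illustration and not code from GitLab or the original article, encodes only the version boundaries stated above (affected from 8.14, patched in 17.3.2, 17.2.5 and 17.1.7). It assumes version strings of the form `major.minor.patch` with an optional `v` prefix or `-ee`/`-ce` suffix; the sample versions at the bottom are constructed, and releases newer than 17.3.1 outside the three patched branches are treated as outside the advisory's scope.

```python
"""Compare an installed GitLab version against the fix versions named in the advisory."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Boundaries taken from the advisory text: the affected range starts at 8.14,
# the last affected release is 17.3.1, and each supported branch has one patched release.
AFFECTED_FROM: Version = (8, 14, 0)
LATEST_AFFECTED: Version = (17, 3, 1)
FIXED_RELEASES = {
    (17, 3): (17, 3, 2),
    (17, 2): (17, 2, 5),
    (17, 1): (17, 1, 7),
}


def parse_version(text: str) -> Version:
    """Turn '17.3.1', '17.3.1-ee' or 'v17.3' into a (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable(text: str) -> bool:
    """True when the version lies inside the affected range and below its branch's fix."""
    v = parse_version(text)
    branch = (v[0], v[1])
    if v < AFFECTED_FROM:
        return False  # predates the affected range entirely
    if v > LATEST_AFFECTED and branch not in FIXED_RELEASES:
        return False  # newer than anything the advisory lists as affected
    fix = FIXED_RELEASES.get(branch)
    if fix is None:
        return True  # branch without a backported fix: every release on it is affected
    return v < fix


def recommended_upgrade(text: str) -> Optional[str]:
    """Smallest patched release that resolves the finding, or None if already safe."""
    if not is_vulnerable(text):
        return None
    v = parse_version(text)
    fix = FIXED_RELEASES.get((v[0], v[1]))
    if fix is None:
        # Older branch: the oldest patched release is the smallest upgrade jump.
        fix = min(FIXED_RELEASES.values())
    return ".".join(str(part) for part in fix)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {"ci-prod": "17.3.1-ee", "ci-staging": "17.3.2-ee",
                 "legacy": "16.11.0", "archive": "8.13.9"}
    for host, version in inventory.items():
        target = recommended_upgrade(version)
        status = f"upgrade to {target}" if target else "not affected"
        print(f"{host:<12} {version:<12} {status}")
```

Running it against a real inventory only needs the version string from each instance's admin area or its `/api/v4/version` endpoint substituted into the dictionary; the ordering logic is plain tuple comparison, so no third-party version library is required.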
CVE-2024-6678 is the fourth critical flaw patched by GitLab in the past year, following CVE-2023-5009, CVE-2024-5655, and CVE-2024-6385, all with a CVSS score of 9.6.
While there is currently no evidence of these vulnerabilities being actively exploited, users are strongly encouraged to update their GitLab installations to avoid potential security risks.
This follows a similar case from May 2024 when the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported active exploitation of another critical GitLab flaw (CVE-2023-7028) with a maximum CVSS score of 10.0. The consistent discovery of critical vulnerabilities underscores the importance of regular patching to secure systems against evolving threats.