GitLab Tackles Critical Security Flaws in Latest Patch Release

Summary: GitLab has released critical patch updates to address multiple security vulnerabilities in its import functionality and other core features, following discoveries from its HackerOne bug bounty program. Users are urged to upgrade to the latest versions to enhance security and mitigate potential risks.

Threat Actor: Unknown | unknown
Victim: GitLab | GitLab

Key Points:

  • Four vulnerabilities (CVE-2024-5655, CVE-2024-6385, CVE-2024-6678, CVE-2024-8970) were identified in GitLab’s import functionality.
  • Key changes include post-import mapping, email-independent mapping, and enhanced user control over contributions.
  • Additional vulnerabilities addressed include exposure of access tokens, cyclic references that could be exploited for denial-of-service (DoS), and unauthorized manipulation of issue status.
  • GitLab recommends immediate upgrades and advises disabling importers until the upgrade is complete.

Source: https://securityonline.info/gitlab-tackles-critical-security-flaws-in-latest-patch-release/