Python Libraries Exploited for Malicious Intent

A recent report by Xavier Mertens, a Senior ISC Handler and cybersecurity consultant, highlights a concerning trend where cybercriminals are increasingly using legitimate Python libraries for malicious activities.

Cyware News – Latest Cyber News – Read More

Irish Data Protection Regulator to Investigate Google AI

Ireland’s data protection authorities are investigating Google’s AI model to ensure compliance with GDPR. The Irish Data Protection Commission (DPC) is leading the inquiry into Google Ireland under Section 110 of the Data Protection Act 2018.

Cyware News – Latest Cyber News – Read More

GitLab Community and Enterprise Editions Receive New Updates to Mitigate Severe Security Risks 

GitLab has rolled out patch releases for both its Community Edition (CE) and Enterprise Edition (EE), addressing multiple security vulnerabilities and bugs, among them high-severity issues that could jeopardize the security and availability of GitLab environments.

The new releases, versions 17.3.2, 17.2.5, and 17.1.7, introduce fixes for the vulnerabilities described below. Users running an affected version are urged to upgrade their GitLab instances promptly.

Cyble's latest security advisory examines recent critical patches released by various vendors, with a particular focus on the vulnerabilities addressed in GitLab. As a comprehensive DevOps platform, GitLab integrates the entire software development lifecycle into a single application, covering collaboration, code management, CI/CD and deployment, so a compromise of one instance reaches source code, pipeline credentials and deployment paths at once.

Detailed Vulnerability Analysis 

The vulnerabilities identified in GitLab vary widely in severity, with CVSS base scores ranging from 3.1 to 9.9, and span unauthorized access to sensitive information through to potential system compromise. Understanding and addressing them is crucial for maintaining the security and integrity of GitLab installations. The following sections detail each vulnerability, including its severity, affected versions, and recommended remediation.

Pipeline Execution as Arbitrary User (CVE-2024-6678) 

CVE-2024-6678, which carries a CVSS score of 9.9, is a critical vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE) versions from 8.14 up to 17.1.7, 17.2 up to 17.2.5, and 17.3 up to 17.3.2 (here and in the ranges below, the upper bound is the fixed release, so 17.1.7, 17.2.5 and 17.3.2 themselves are not affected). The flaw allows an attacker to trigger a pipeline as an arbitrary user under specific conditions, so the resulting pipeline runs under that user's identity and can perform unauthorized actions within the GitLab environment. Cyble ODIN's investigation has uncovered 89,706 internet-exposed GitLab instances, with a significant number located in China, highlighting the urgency of patching.

Command Injection (CVE-2024-8640) 

CVE-2024-8640 is a high-severity vulnerability with a CVSS score of 8.5, affecting GitLab EE versions from 16.11 up to 17.1.7, 17.2 up to 17.2.5, and 17.3 up to 17.3.2. This issue allows for command injection into a connected Cube server due to incomplete input filtering. The potential consequences include unauthorized command execution, which could compromise the integrity and security of the affected systems. 

Server-Side Request Forgery (CVE-2024-8635) 

CVE-2024-8635, with a CVSS score of 7.7, affects GitLab EE versions from 16.8 up to 17.1.7, 17.2 up to 17.2.5, and 17.3 up to 17.3.2. This vulnerability enables server-side request forgery, allowing attackers to make requests to internal resources using a custom Maven Dependency Proxy URL. This flaw could potentially lead to unauthorized access to internal systems, increasing the risk of data exposure or other security breaches. 

Denial of Service (CVE-2024-8124) 

CVE-2024-8124, rated 7.5 on the CVSS scale, impacts GitLab CE/EE versions from 16.4 to 17.1.7, 17.2 to 17.2.5, and 17.3 to 17.3.2. This vulnerability could open the door for a denial of service attack by sending a large ‘glm_source’ parameter without requiring user interaction. The result can be a disruption of service availability, affecting users’ ability to access or utilize GitLab functionalities effectively. 
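The advisory gives one concrete indicator for CVE-2024-8124: an abnormally large glm_source parameter. The script below turns that into a log hunt over GitLab's production_json.log. It is an added example for this advisory, not GitLab's or Cyble's code. It assumes the log is JSON lines with a params list of {"key", "value"} objects and a remote_ip field (a simplification of the real schema), that legitimate glm_source values are short tags, and that the 4096-byte threshold and the sample lines are constructed for the example.

```python
"""Hunt for oversized `glm_source` requests (the CVE-2024-8124 trigger) in
GitLab's production_json.log.

Added example for this advisory, not GitLab's or Cyble's code. Assumptions:
the log is JSON lines with `params` as a list of {"key", "value"} objects and
a `remote_ip` field (a simplification of the real schema), legitimate
glm_source values are short marketing tags, and the 4096-byte threshold and
the sample lines below are constructed for this example.
"""
import json
from collections import Counter

GLM_SOURCE_LIMIT = 4096  # assumed threshold; real values are tens of bytes

# Constructed sample log: two oversized requests from one client, one normal
# request, one request without params, and one malformed line.
SAMPLE_LOG = "\n".join([
    json.dumps({"time": "2024-09-12T10:00:00Z", "method": "GET", "path": "/",
                "status": 200, "remote_ip": "203.0.113.7",
                "params": [{"key": "glm_source", "value": "gitlab.com"}]}),
    json.dumps({"time": "2024-09-12T10:00:01Z", "method": "GET", "path": "/",
                "status": 502, "remote_ip": "198.51.100.9",
                "params": [{"key": "glm_source", "value": "A" * 100_000}]}),
    json.dumps({"time": "2024-09-12T10:00:02Z", "method": "GET",
                "path": "/users/sign_in", "status": 200,
                "remote_ip": "203.0.113.8", "params": []}),
    json.dumps({"time": "2024-09-12T10:00:03Z", "method": "GET", "path": "/explore",
                "status": 502, "remote_ip": "198.51.100.9",
                "params": [{"key": "glm_source", "value": "B" * 250_000}]}),
    "this line is not JSON and must not abort the scan",
])


def glm_source_length(event: dict) -> int:
    """Byte length of the glm_source parameter in one log event (0 if absent)."""
    for param in event.get("params") or []:
        if param.get("key") == "glm_source":
            return len(str(param.get("value", "")).encode())
    return 0


def scan(log_text: str, limit: int = GLM_SOURCE_LIMIT) -> list[dict]:
    """Return one finding per event whose glm_source exceeds `limit` bytes."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than crash mid-file
        size = glm_source_length(event)
        if size > limit:
            findings.append({
                "line": lineno,
                "time": event.get("time"),
                "remote_ip": event.get("remote_ip"),
                "path": event.get("path"),
                "status": event.get("status"),
                "glm_source_bytes": size,
            })
    return findings


def top_sources(findings: list[dict]) -> list[tuple[str, int]]:
    """Client IPs ranked by number of oversized requests, for blocking or triage."""
    return Counter(f["remote_ip"] for f in findings).most_common()


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("top sources:", top_sources(hits))
```

Run it against a real file by replacing SAMPLE_LOG with the file contents; the status field is worth keeping in the output, since 5xx responses clustered around the same client are the pattern that distinguishes a working DoS from harmless noise.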

Improper Session Handling (CVE-2024-8641) 

With a CVSS score of 6.7, CVE-2024-8641 affects GitLab CE/EE versions from 13.7 to 17.1.7, 17.2 to 17.2.5, and 17.3 to 17.3.2. The flaw is improper session handling: an attacker who obtains a victim's CI_JOB_TOKEN can use it to obtain a GitLab session token belonging to the victim, and with that token act as the victim rather than only within the narrow scope a job token is meant to have. Anywhere a job token leaks therefore becomes a path to the user's session and to sensitive areas of the GitLab environment.

Security Bypass (CVE-2024-8311) 

CVE-2024-8311, with a CVSS score of 6.5, is present in GitLab EE versions from 17.2 up to 17.2.5 and 17.3 up to 17.3.2. This flaw allows authenticated users to bypass pipeline execution policies by including a CI/CD template, potentially leading to unauthorized modifications or access within the GitLab pipeline. 

Information Disclosure (CVE-2024-4660) 

CVE-2024-4660, also rated 6.5 on the CVSS scale, affects GitLab EE versions from 11.2 up to 17.1.7, 17.2 up to 17.2.5, and 17.3 up to 17.3.2. This vulnerability permits guests to read the source code of private projects through group templates, leading to unauthorized information disclosure and potential security risks. 

Several other vulnerabilities, including CVE-2024-4283 and CVE-2024-4612, present medium-severity risks, such as open redirects and improper input validation. If not promptly addressed, these issues can lead to account takeovers, exposure of sensitive data, or unauthorized access.  

Each of these vulnerabilities has been assigned a CVSS score reflecting its impact and severity, and organizations are urged to apply relevant patches and updates. 
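Because every CVE above is stated as a set of version ranges, the practical question for an administrator is whether their own instance version falls inside any of them. The check below is an added example, not Cyble's or GitLab's code; it encodes exactly the ranges and editions this advisory gives (CVE-2024-4283 and CVE-2024-4612 are omitted because no ranges are stated for them) and assumes the version string is the instance's own, for instance the version field returned by GET /api/v4/version, pasted in by hand so that it runs offline.

```python
"""Affected-version check for the GitLab CVEs listed above.

Added example, not Cyble's or GitLab's code. The ranges and the edition each
CVE applies to are the ones this advisory states; the two CVEs mentioned
without version ranges (CVE-2024-4283, CVE-2024-4612) are not included. The
version string is assumed to be the instance's own, e.g. the `version` field
returned by GET /api/v4/version, pasted in by hand here so the check runs
offline.
"""
from __future__ import annotations

CE_EE = frozenset({"ce", "ee"})
EE_ONLY = frozenset({"ee"})

# CVE -> (editions affected, [(first affected, fixed-in), ...]).
# "from 8.14 up to 17.1.7" reads as 8.14 <= version < 17.1.7; the upper bound
# is the patched release and is therefore not affected.
ADVISORY: dict[str, tuple[frozenset[str], list[tuple[str, str]]]] = {
    "CVE-2024-6678": (CE_EE,   [("8.14", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]),
    "CVE-2024-8640": (EE_ONLY, [("16.11", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]),
    "CVE-2024-8635": (EE_ONLY, [("16.8", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]),
    "CVE-2024-8124": (CE_EE,   [("16.4", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]),
    "CVE-2024-8641": (CE_EE,   [("13.7", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]),
    "CVE-2024-8311": (EE_ONLY, [("17.2", "17.2.5"), ("17.3", "17.3.2")]),
    "CVE-2024-4660": (EE_ONLY, [("11.2", "17.1.7"), ("17.2", "17.2.5"), ("17.3", "17.3.2")]),
}


def parse_version(s: str) -> tuple[tuple[int, int, int], str]:
    """Split '17.3.1-ee' into ((17, 3, 1), 'ee').

    Comparing integer tuples avoids the string-compare trap where
    '8.14' < '8.9' and '17.1.10' < '17.1.7'. A missing patch component is
    treated as 0 (so '17.2' is the first 17.2 release); a missing or unknown
    edition suffix is assumed to be EE, the broader exposure.
    """
    core, _, suffix = s.strip().partition("-")
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    edition = suffix.lower() if suffix.lower() in CE_EE else "ee"
    return (parts[0], parts[1], parts[2]), edition


def is_affected(version: str, cve: str) -> bool:
    """True if this instance version falls inside any affected range for `cve`."""
    v, edition = parse_version(version)
    editions, ranges = ADVISORY[cve]
    if edition not in editions:
        return False
    return any(parse_version(lo)[0] <= v < parse_version(hi)[0] for lo, hi in ranges)


def affected_cves(version: str) -> list[str]:
    """Every CVE from the advisory that applies to this version string."""
    return [cve for cve in ADVISORY if is_affected(version, cve)]


if __name__ == "__main__":
    for v in ("17.3.1-ee", "17.3.2-ee", "17.1.8-ce", "8.9.0-ee", "16.10.0-ce"):
        print(f"{v:12s} -> {affected_cves(v) or 'not affected by the listed CVEs'}")
```

Two details matter in practice. Versions such as 17.1.8 sit above the 17.1.7 fix and below 17.2, so they fall in no range and are reported clean; and a version below the first affected release (for example 8.9) must not be flagged, which a plain string comparison would get wrong.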

Conclusion 

Given GitLab's central role in many organizations' software development processes, the recent updates are of paramount importance. The vulnerabilities they address, ranging from unauthorized access and sensitive data exposure to denial of service, could significantly impact an organization's security and operational integrity. Organizations must apply the latest patches to close these exposures before they are exploited and to improve their overall security posture.

Recommendations and Mitigations

Organizations are strongly advised to immediately upgrade to the latest GitLab versions where these vulnerabilities have been addressed. 

Properly configuring permissions and access levels should be a priority for firms that want to safeguard sensitive information. 

Regular monitoring of logs and auditing access can help detect unusual activities and potential exploitation attempts. 

Training users to recognize phishing attempts and secure their accounts will further mitigate risks associated with social engineering attacks. 

Implementing robust security policies, including multi-factor authentication (MFA) and regular security assessments, is crucial. 

Maintaining up-to-date backups and testing recovery procedures will ensure timely and rapid restoration in the aftermath of a security incident. 

A comprehensive patch management strategy should cover inventory management, patch assessment, testing, deployment, and verification that the patch actually took effect on every instance.

Proper network segmentation to avoid exposure of critical assets over the Internet and maintaining an up-to-date inventory of all internal and external assets will further enhance organizational security. 

The post GitLab Community and Enterprise Editions Receive New Updates to Mitigate Severe Security Risks appeared first on Cyble.

Blog – Cyble – Read More

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users’ credentials.
“Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content,” Palo Alto
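The mechanism behind the campaign is the HTTP Refresh response header, which browsers honour like a meta refresh tag and act on before the body is rendered, so an inspection point that only scans HTML never sees the hop. The script below parses that header out of raw responses and flags an immediate cross-site redirect of the shape described. It is an added example, not Unit 42's or The Hacker News' code; the responses and hostnames are constructed samples.

```python
"""Spot the HTTP `Refresh` header trick described above in raw responses.

Added example, not Unit 42's or The Hacker News' code. Browsers honour a
`Refresh: <seconds>; url=<target>` response header the same way as
<meta http-equiv="refresh">, and act on it before the body is rendered, so
an inspection point that only scans HTML never sees the hop. The responses
below are constructed samples; the hostnames are placeholders.
"""
from __future__ import annotations

import re
from urllib.parse import urljoin, urlsplit

# "<digits>" optionally followed by ";" or ",", optional "url=", optional
# quotes, then the target. Matches the loose grammar browsers accept.
_REFRESH_RE = re.compile(
    r"""^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?(['"]?)(.*?)\2\s*)?$""", re.IGNORECASE
)


def parse_refresh(value: str) -> tuple[int, str | None] | None:
    """Return (delay_seconds, target_or_None) for a Refresh header value."""
    m = _REFRESH_RE.match(value)
    if m is None:
        return None
    return int(m.group(1)), (m.group(3) or None)


def parse_raw_response(raw: bytes) -> tuple[int, dict[str, str]]:
    """Split a raw HTTP/1.x response into (status code, lower-cased headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    return status, headers


def analyse(raw: bytes, requested_url: str) -> dict | None:
    """Describe a header-driven redirect, or None if the response has no Refresh.

    `suspicious` is set when the refresh is (near-)immediate and sends the
    browser to a different host than the one the user actually requested,
    which is the shape of the credential-harvesting redirect above.
    """
    status, headers = parse_raw_response(raw)
    if "refresh" not in headers:
        return None
    parsed = parse_refresh(headers["refresh"])
    if parsed is None:
        return None
    delay, target = parsed
    if target is None:  # plain periodic reload, nothing to follow
        return {"status": status, "delay": delay, "target": None,
                "cross_site": False, "suspicious": False}
    resolved = urljoin(requested_url, target)  # resolve relative targets
    cross = (urlsplit(resolved).hostname or "").lower() != (
        urlsplit(requested_url).hostname or "").lower()
    return {"status": status, "delay": delay, "target": resolved,
            "cross_site": cross, "suspicious": cross and delay <= 1}


# Constructed samples. The first is the phishing shape: an empty 200 whose
# only payload is the header; the other two are ordinary uses of Refresh.
PHISH = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         b"Refresh: 0; url=https://mail-login.example.test/auth\r\n"
         b"Content-Length: 0\r\n\r\n")
RELOAD = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nRefresh: 30\r\n\r\n"
          b"<html>dashboard</html>")
SAME_SITE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             b"Refresh: 0; URL='/status'\r\n\r\n<html>moved</html>")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("RELOAD", RELOAD), ("SAME_SITE", SAME_SITE)):
        print(name, analyse(raw, "https://tracker.example.net/c/123"))
```

The check is deliberately header-only: a proxy or sandbox that already extracts HTML meta refresh tags should run this on the response headers as well, since an empty body with a zero-delay Refresh pointing off-site is the case the HTML scan misses.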

The Hacker News – Read More

Port of Seattle shares ransomware attack details

The Port of Seattle released a statement Friday confirming that it was targeted by a ransomware attack. The attack occurred on August 24, with the Port (which also operates the Seattle-Tacoma International Airport) saying it had “experienced certain system outages indicating a possible cyberattack.” The Port is now describing this as “a ‘ransomware’ attack by […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – Read More

Security News This Week: A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions

Plus: New evidence emerges about who may have helped 9/11 hijackers, UK police arrest a teen in connection with an attack on London’s transit system, and Poland’s spyware scandal enters a new phase.

Security Latest – Read More

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers at Cleafy discovered a new variant of the TrickMo Android banking trojan that evades analysis and displays fake login screens to steal banking credentials.

Cyware News – Latest Cyber News – Read More

GitLab Warns of Critical Pipeline Execution Vulnerability

GitLab released updates covering versions 17.1.7, 17.2.5, and 17.3.2 for GitLab Community Edition (CE) and Enterprise Edition (EE), addressing a total of 18 security issues.

Cyware News – Latest Cyber News – Read More