New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
11 October 2024
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches.
Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.
"An issue was discovered in GitLab EE