Bleeping Computer

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
Bleeping Computer

GitLab warns of critical arbitrary branch pipeline execution flaw

GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. The vulnerability, ...
Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
Dark Reading

Critical GitLab Bug Threatens Software Development Pipelines

A critical GitLab vulnerability could allow an attacker to run a pipeline as another user. GitLab is a popular Git repository, second only to GitHub, with millions of active users. This week, it ...
heise online

Page 2: Approach to modularizing workflow stages with GitLab Job Template

The subdivision into specific stages serves the purpose of dividing the individual steps in the GitLab workflow directly into specific functions – The tools used are interchangeable. The stages and ...
CSOonline

Gitlab fixes bug that exploited internal policies to trigger hostile pipelines

Gitlab has released two patched releases, 16.2.7 and 16.3.4 for the Enterprise (EE) and Community (CE) editions of the DevOps platform in response to a critical severity bug discovered through its ...