GitLab has a critical vulnerability that affects all authentication mechanisms. Without two-factor authentication, users are at significant risk. The vulnerability is currently fixed, and users are recommended to update to the latest version. GitLab Critical Vulnerability Exploited The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently warned about a critical vulnerability discovered in GitLab’s software.… Continue reading GitHub Vulnerability Exploited in the Wild, CISA Notifies
Tag: GitLab
GitHub and GitLab CDNs Abused to Spread Malware
Recent research around new spreading approaches of one stealer malware family revealed a new way to abuse GitHub. Instead of creating repositories that contain malware files, hackers push the files they need through the issue reporting mechanism in the repository menu. This allows for making malware look like a file from a legit repo, bypassing… Continue reading GitHub and GitLab CDNs Abused to Spread Malware
GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk
In a new security update, GitLab has issued a patch for a critical vulnerability. This flaw could allow unauthorized users to overwrite files, potentially leading to data corruption or executing arbitrary code. This vulnerability impacts GitLab CE/EE across several versions. New GitLab Critical Vulnerability Discovered A critical vulnerability identified as CVE-2024-0402, rated as high as… Continue reading GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk
GitLab Zero-Click Account Hijack Vulnerability Revealed
On January 11, 2024, GitLab released an update with the official warning regarding the critical security violation fix. The vulnerability allows the user to send the account password reset form to an unverified email address, effectively granting a stranger access to the repository. Almost all 16.x versions of their software package is susceptible to the… Continue reading GitLab Zero-Click Account Hijack Vulnerability Revealed
GitLab Releases Patch to Critical Vulnerability
GitLab, one of the most famous code repositories in the world, faces critical security issues in the latest update. Aside from advanced functionality, the 16.0 patch brought an extremely severe vulnerability. Experts already gave it CVSS 10.0 mark – the highest possible. What is GitLab? GitLab is an open-source repository and collaborative software development platform.… Continue reading GitLab Releases Patch to Critical Vulnerability
GitLab checked its employees: on phishing got every fifth
Recently, the GitLab platform conducted a security audit, analyzing if working from home employees are resistant to phishing attacks. As it turned out, every fifth got on phishing in GitLab: 20% of employees agreed to enter their credentials on a fake login page. A training attack conducted by the GitLab Red Team simulated a real… Continue reading GitLab checked its employees: on phishing got every fifth
IS researcher discovered a critical vulnerability in GitLab
IS researcher William Bowling made $20,000 by discovering a critical vulnerability in GitLab. The bug allowed achieving the execution of arbitrary code or stealing confidential data from the server. Bowling exposed the vulnerability in March 2020. Then the expert noticed that an attacker could get arbitrary files from the server while moving the issue from… Continue reading IS researcher discovered a critical vulnerability in GitLab