GitLab patches major security flaw - here's what we know

A new patch fixes six important GitLab flaws ...

GitLab warns of high-severity 2FA bypass, denial-of-service flaws

GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its ...
InfoQ

GitLab Protocol Fuzzer CE Now Open-Source

GitLab has open-sourced the core protocol fuzz testing engine it has been using since its 13.4 release. Fuzz testing aims to more effectively find security issues and flaws in business logic by ...
SecurityWeek

Atlassian, GitLab, Zoom Release Security Patches

Atlassian, GitLab, and Zoom have released security patches for over two dozen vulnerabilities, including flaws leading to code execution.
Bleeping Computer

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
TechRadar

GitLab has patched a host of worrying security issues

GitLab releases patch for nine flaws, including two critical severity ones The critical flaws allowed threat actors to bypass authentication and could lead to data exfiltration Patch is available now, ...
CSO Online

GitLab 2FA login protection bypass lets attackers take over accounts

The platform warns users of on-premises versions to upgrade to the latest versions; SaaS and web versions have been patched.
IT News For Australia Business

GitLab fixes account takeover vulnerability

GitLab has patched a critical and trivial-to-exploit account takeover bug. The attack vector for CVE-2023-7028 is the password reset function. “User account password reset emails could be delivered to ...