![Darkman Trilogy [Blu-ray]](https://techcratic.com/wp-content/uploads/2024/11/81O0DPjiK9L._SL1500_-360x180.jpg)
Divya
2024-10-24 06:18:00
gbhackers.com
GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE).
The updates address a high-severity HTML injection vulnerability that could lead to cross-site scripting (XSS) attacks. The patched versions, 17.5.1, 17.4.3, and 17.3.6, are now available for immediate upgrade.
The vulnerability, CVE-2024-8312, affects all GitLab CE/EE versions from 15.10 to the latest releases before these patches.
It was discovered that an attacker could inject HTML into the Global Search field on a diff view, potentially exploiting this flaw for XSS attacks.
National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now
With a CVSS score of 8.7, this issue is considered high severity due to its potential impact on confidentiality and integrity.
GitLab has emphasized the importance of upgrading self-managed installations to these patched versions without delay.
While GitLab.com users are already protected with the updated version, GitLab Dedicated customers do not need to take any action.
In addition to the XSS vulnerability, the updates address a medium-severity denial of service (DoS) vulnerability via XML manifest file import, identified as CVE-2024-6826.
This issue affected versions from 11.2 onwards and could allow attackers to disrupt services by importing a maliciously crafted XML file.
Researchers boxcar and a92847865 responsibly reported both vulnerabilities through GitLab’s HackerOne bug bounty program, respectively.
GitLab continues its commitment to security by releasing both scheduled and ad-hoc critical patches for high-severity vulnerabilities. Scheduled releases occur twice monthly on the second and fourth Wednesdays.
Users are encouraged to visit GitLab’s release blog and security FAQ for more information on maintaining secure installations.
The company also advises following best practices outlined in their blog post on securing GitLab instances.
For those using GitLab’s helm charts, devkit, and analytics stack, updates have been made to remove support for dynamic funnels, alongside an update to the Ingress NGINX Controller image version 1.11.2.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.
