URL: https://www.itnews.com.au/news/gitlab-patches-another-critical-vulnerability-604520
GITLAB PATCHES ANOTHER CRITICAL VULNERABILITY

By Richard Chirgwin

Jan 29 2024 11:34AM



PLUS FOUR MEDIUM-RATED BUGS.

Popular source code management platform GitLab was patched on Friday, Australian
time, against five vulnerabilities, including one with a critical severity
rating.



The patches apply to both the enterprise and the community editions of GitLab.

The critical vulnerability is CVE-2024-0402 and carries a CVSS score of 9.9.



Discovered by GitLab employee Joern Schneeweisz, the bug “allows an
authenticated user to write files to arbitrary locations on the GitLab server
while creating a workspace”.

This means an attacker could exploit the vulnerability to distribute malware as
well as to steal data.



It affects “all versions from 16.0 prior to 16.5.8, 16.6 prior to 16.6.6, 16.7
prior to 16.7.4, and 16.8 prior to 16.8.1”, GitLab said in its advisory, with
the vulnerability fixed in version 16.8.1; the fix has also been backported to
version 16.5.8.

Earlier this month, GitLab addressed a critical account takeover bug.

The four medium-rated vulnerabilities fixed in last week’s release are:

 * CVE-2023-6159 – A denial-of-service triggered by a malicious regular
   expression in a Cargo manifest;
 * CVE-2023-5933 – Improper input sanitization of username allows arbitrary API
   PUT requests;
 * CVE-2023-5612 – Disclosure of user emails via the Tags RSS feed; and
 * CVE-2024-0456 – An unauthorised attacker can assign any user to merge
   requests in a project.

Two third-party packages, the libxml2 library and redis, have also been patched
against vulnerabilities.


Copyright © iTnews.com.au . All rights reserved.