Learn about the indispensable role of SSPM in ensuring your identity remains unbreachable. Stay ahead with actionable insights on how ITDR identifies and mitigates threats. [Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM The new vulnerability has been remediated in GitLab versions 16.3.4 and 16.2.7. CVE-2023-3932 was addressed by GitLab in early August 2023. Security researcher Johan Carlsson (aka joaxcar) has been credited with discovering and reporting the flaw. Successful exploitation of CVE-2023-5009 could allow a threat actor to access sensitive information or leverage the elevated permissions of the impersonated user to modify source code or run arbitrary code on the system, leading to severe consequences. “This was a bypass of CVE-2023-3932 showing additional impact.” “It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies,” GitLab said in an advisory. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |