GitLab security advisory (AV24-025)

Serial number: AV24-025
Date: January 12, 2024

On January 11, 2024, GitLab published a security advisory to address critical vulnerabilities in the following products:

  • GitLab Community Edition (CE) – multiple versions
  • GitLab Enterprise Edition (EE) – multiple versions

Exploitation of some of these vulnerabilities could allow for the impersonation of legitimate users or full system compromise.

Open-source reporting has indicated that proof-of-concept exploit code is available for this vulnerability.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: