GitLab security advisory (AV24-025)

Serial number: AV24-025
Date: January 12, 2024

On January 11, 2024, GitLab published a security advisory to address critical vulnerabilities in the following products:

  • GitLab Community Edition (CE) – multiple versions
  • GitLab Enterprise Edition (EE) – multiple versions

Exploitation of some of these vulnerabilities could allow for the impersonation of legitimate users or full system compromise.

Open-source reporting has indicated that proof-of-concept exploit code is available for this vulnerability.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.
