Summary
Security updates have been released that address 6 vulnerabilities, including one with a “high” severity, in GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability could allow an attacker with access to the Personal Access Token (PAT) of the potential victim to elevate their privileges on the target systems.
Risk
Estimate of the vulnerability’s impact on the reference community: MEDIUM/YELLOW (64.35/100) [1].
Type
- Privilege Escalation
Affected Products and/or Versions
GitLab Community Edition (CE) and Enterprise Edition (EE)
- 8.12 and later, versions prior to 17.4.5
- 17.5.x, versions prior to 17.5.3
- 17.6.x, versions prior to 17.6.1
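A small version check for the affected ranges listed above, added here as an example and not part of the advisory or of GitLab's own tooling. It assumes the version string is in GitLab's usual `MAJOR.MINOR.PATCH` form (with an optional `-ee`/`-ce` suffix, as printed by the instance) and that an affected version should be raised to the first patched release of its own minor line where one exists, otherwise to 17.4.5.

```python
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, as [lower inclusive, upper exclusive).
# The upper bound of each range is the first patched release for that line.
AFFECTED_RANGES = [
    ((8, 12, 0), (17, 4, 5)),   # 8.12 and later, prior to 17.4.5
    ((17, 5, 0), (17, 5, 3)),   # 17.5.x prior to 17.5.3
    ((17, 6, 0), (17, 6, 1)),   # 17.6.x prior to 17.6.1
]


def parse_version(text: str) -> Version:
    """Parse '17.4.4-ee' or '17.4' into a comparable (major, minor, patch) tuple."""
    core = text.strip().split("-")[0]          # drop edition suffix such as '-ee'
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(text: str) -> bool:
    """True if the given GitLab version lies in any affected range."""
    version = parse_version(text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def minimum_fixed_version(text: str) -> Optional[str]:
    """First patched release covering this version, or None if not affected."""
    version = parse_version(text)
    for low, high in AFFECTED_RANGES:
        if low <= version < high:
            return ".".join(str(n) for n in high)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, e.g. as reported by `gitlab-rake gitlab:env:info`.
    for sample in ("17.4.4-ee", "17.5.3-ce", "16.11.2-ee"):
        print(sample, "affected" if is_affected(sample) else "not affected",
              minimum_fixed_version(sample) or "")
```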
Mitigation Actions
In line with vendor statements, it is recommended to update GitLab products to the latest available version.
Unique Vulnerability Identifiers
Only the CVEs related to the “high” severity vulnerability are listed here:
References
https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.