Summary
Security updates have been released for GitLab Community Edition (CE) and Enterprise Edition (EE) that address several vulnerabilities, including one rated "critical" and three rated "high".
Risk
Estimate of the impact of the vulnerabilities on the reference community: HIGH/ORANGE (66.53/100) [1].
Type
- Arbitrary Code Execution
- Security Feature Bypass
- Denial of Service
Affected products and/or versions
GitLab Community Edition (CE) and Enterprise Edition (EE)
Mitigation actions
In line with the vendor's guidance, update affected installations to a fixed release by following the instructions in the security bulletin listed in the References section.
Unique vulnerability identifiers
The CVEs for the vulnerabilities with a severity of “critical” and “high” are reported below:
References
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released
[1] This estimate takes several parameters into account, including: CVSS score, availability of patches, workarounds and proof-of-concept code, and how widely the affected software or devices are deployed in the reference community.