TLDR:
- GitLab has released updated versions for both Community Edition (CE) and Enterprise Edition (EE) to address critical vulnerabilities.
- A Stored XSS vulnerability (CVE-2023-6371) allowed attackers to inject malicious scripts, while another flaw (CVE-2024-2818) could cause denial of service attacks using emojis.
GitLab has recently announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE) to address critical security vulnerabilities. One of the most critical issues addressed in this update is a Stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-6371, which could allow attackers to inject malicious scripts and potentially cause denial of service (DoS) attacks. This high-severity issue underscores the potential risks to data integrity and user privacy. Another vulnerability patched in the latest release is CVE-2024-2818, a medium-severity issue that could allow attackers to cause a denial of service (DoS) using maliciously crafted emojis. In addition to addressing these vulnerabilities, GitLab has also updated its PostgreSQL versions to 13.14 and 14.11 as part of non-security patches to enhance platform stability and performance. GitLab strongly recommends that all users running affected versions upgrade to the latest version as soon as possible to mitigate the risks associated with these vulnerabilities. For more information on the vulnerabilities and the patches released, users are encouraged to visit GitLab’s official security release blog posts and the issue tracker. GitLab’s proactive approach to security and collaboration with the cybersecurity community play a crucial role in safeguarding the platform against evolving cyber threats. Users are urged to stay informed and take the necessary steps to ensure their installations are secure.