Browsing tag: GitLab

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email address. GitLab, which […]
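The bug class the teaser names is a reset flow that will mail a token to an address the account has never confirmed. Below is an added illustration written for this page (not GitLab's code, and not derived from the advisory's details): a hypothetical weak handler that mails one token to every address the request names beside a hardened one that only mails an address already verified on the account. The account data, the stand-in mailer and the form shapes are constructed.

```python
import secrets
from dataclasses import dataclass, field


# Constructed sample data (not from any real system): one account with a
# verified primary address and a secondary address that was added but never
# confirmed.
@dataclass
class Account:
    username: str
    verified_emails: set = field(default_factory=set)
    pending_emails: set = field(default_factory=set)


ACCOUNTS = [
    Account("victim", {"victim@example.com"}, {"secondary@example.net"}),
]

SENT = []  # (recipient, token) pairs the stand-in mailer "delivered"


def _account_for(email, include_pending):
    """Resolve an address to an account, optionally via unconfirmed addresses."""
    e = email.strip().lower()
    for acct in ACCOUNTS:
        pool = set(acct.verified_emails)
        if include_pending:
            pool |= acct.pending_emails
        if e in {x.lower() for x in pool}:
            return acct
    return None


def reset_vulnerable(form):
    """Hypothetical weak handler. Accepts the email field as a list, resolves
    the account from the first entry and mails one token to every entry, so a
    caller who knows a victim address can append their own as the second."""
    emails = form.get("email", [])
    if isinstance(emails, str):
        emails = [emails]
    if not emails:
        return []
    acct = _account_for(emails[0], include_pending=True)
    if acct is None:
        return []
    token = secrets.token_urlsafe(32)
    recipients = [e.strip().lower() for e in emails]
    for r in recipients:
        SENT.append((r, token))
    return recipients


def reset_hardened(form):
    """Hardened handler: exactly one string address, it must be verified on
    the account, and the token goes only to that address. Unknown and
    unverified addresses get the same empty result, so nothing is leaked."""
    email = form.get("email")
    if not isinstance(email, str):
        return []
    acct = _account_for(email, include_pending=False)
    if acct is None:
        return []
    token = secrets.token_urlsafe(32)
    recipient = email.strip().lower()
    SENT.append((recipient, token))
    return [recipient]
```

The two checks that matter are in the hardened version: the parameter must be a single string (arrays are rejected outright rather than iterated), and the lookup pool is the verified set only, so an address that was merely added to a profile cannot receive a token.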

New Python-Based Snake Info Stealer Spreading Through Facebook Messages

Facebook messages are being used by threat actors to distribute a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report. Details about the campaign […]

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down. “These packages, upon initial use, […]

GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. “It was possible for […]
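The two affected ranges quoted above are easy to misread when triaging a fleet by hand, so here is an added version-check helper (example code written for this page, not a GitLab tool). It parses GitLab-style version strings such as `16.2.6-ee`, treats the ranges as stated in the teaser (13.12 inclusive to 16.2.7 exclusive, 16.3 inclusive to 16.3.4 exclusive, Enterprise Edition only), and reports CE builds as unaffected; a string with no edition suffix is assumed to be EE, which is a conservative assumption of this example.

```python
import re

# Affected Enterprise Edition ranges as stated in the teaser above, written
# as (min_inclusive, max_exclusive) tuples of (major, minor, patch).
AFFECTED_RANGES_CVE_2023_5009 = [
    ((13, 12, 0), (16, 2, 7)),
    ((16, 3, 0), (16, 3, 4)),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(ee|ce))?$")


def parse_gitlab_version(text):
    """Return ((major, minor, patch), edition) from strings such as
    '16.2.6-ee' or '16.3'. A missing patch is 0; a missing edition is None."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, edition = m.groups()
    return (int(major), int(minor), int(patch or 0)), edition


def is_affected_cve_2023_5009(text):
    """True if the version is an EE build inside one of the affected ranges.
    CE builds are reported unaffected because the teaser scopes the flaw to
    EE; a version with no suffix is treated as EE (assumption, conservative)."""
    version, edition = parse_gitlab_version(text)
    if edition == "ce":
        return False
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES_CVE_2023_5009)


def triage(versions):
    """Map each reported instance version to a status; unparsable strings are
    flagged rather than silently skipped so they get a manual look."""
    out = {}
    for v in versions:
        try:
            out[v] = "AFFECTED" if is_affected_cve_2023_5009(v) else "ok"
        except ValueError:
            out[v] = "unparsed"
    return out
```

Tuple comparison does the range arithmetic, so `16.2.7` falls just outside the first range and `16.3.0` just inside the second, matching the wording "prior to 16.2.7" and "from 16.3".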

GitLab Issues Security Patch for Critical Account Takeover Vulnerability

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 […]

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances

Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps platform, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions starting from 14.4 […]

GitLab Survey Reveals Clash Between Programmers And Security Professionals

If you follow the daily news of the tech world, security problems are among the most common stories. While plenty of blame gets passed around for these security slip-ups, part of it belongs to developers who write bad code. A recent GitLab survey reveals that 69% of developers feel that they're expected […]

Samsung leaks confidential source code and private keys by mistake

Web application security course specialists have revealed that a large amount of confidential information was improperly exposed to the public on GitLab; according to the experts, the exposed information includes source code, access credentials and private keys for several private projects. One of the affected deployments has been used by Samsung […]

Hackers Are Deleting Git Repos And Holding Code Ransom For Bitcoins

Git hosting services like GitHub, Bitbucket, and GitLab are under a ransom attack in which hundreds of Git source code repositories have been wiped and replaced with a ransom demand by attackers. The unidentified hackers have launched a coordinated attack across multiple Git repository platforms. It is unclear how an attack of this scale took place, but a ransom […]

GitLab offers “exclusive rewards” in its vulnerability bounty program

The website announces that its rewards program is open to participation by the general public. The GitLab development team reports that its bug bounty program was kept active throughout 2018, paying out about $200k USD and helping to fix about 200 vulnerabilities. According to experts in digital forensics from the International Institute of […]

Discovering a Session Hijacking Vulnerability in GitLab

GitLab is a widely used SaaS provider that focuses on developer-related needs, including Git repository management, issue tracking and code review. During a recent pen test of GitLab (I wanted to see if the service was a good fit to use at Incapsula), I was surprised to come across a vulnerability that leaves users exposed […]