GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)
Help Net Security www.helpnetsecurity.com
GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. The flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user.

About the vulnerability (CVE-2023-5009)

CVE-2023-5009 – discovered by software developer and bug hunter Johan Carlsson (joaxcar) in GitLab EE – affects all versions starting from 13.12 before 16.2.7 and all versions starting from 16.3 before …