all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)

Add to bookmarks
Sept. 22, 2023, 10:29 a.m. | Helga Labus

Help Net Security www.helpnetsecurity.com

GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. The flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user. About the vulnerability (CVE-2023-5009) CVE-2023-5009 – discovered by software developer and bug hunter Johan Carlsson (joaxcar) in GitLab EE – affects all versions starting from 13.12 before 16.2.7 and all versions starting from 16.3 before … More


The post …

abuse actor bug community critical critical vulnerability cve cve-2023-5009 developer devops don't miss enterprise fixes flaw gitlab hot stuff hunter may open source patch pipelines platform policies run scan security update software software developer threat threat actor vulnerability

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 14 hours ago | www.helpnetsecurity.com
android android apps app apps +17
Trellix Wise automates security workflows with AI, streamlining threat detection and remediation 16 hours ago | www.helpnetsecurity.com
artificial artificial intelligence cyber cyber risk +21
Microsoft, Google widen passkey support for its users 16 hours ago | www.helpnetsecurity.com
account protection authentication awareness bitwarden +18
Cyble Vision X covers the entire breach lifecycle 17 hours ago | www.helpnetsecurity.com
access artificial artificial intelligence aspect +23
BlackBerry CylanceMDR improves cybersecurity defensive strategy 17 hours ago | www.helpnetsecurity.com
address advanced ai platform amp +28
FortiGate 200G series boosts campus connectivity for Wi-Fi 7 18 hours ago | www.helpnetsecurity.com
ai-powered campus connectivity firewall +15
Nokod Security Platform secures low-code/no-code development environments and apps 18 hours ago | www.helpnetsecurity.com
applications apps automations code +23
Lenovo launches AI-based Cyber Resiliency as a Service 19 hours ago | www.helpnetsecurity.com
copilot copilot for security cyber cyber protection +24
Edgio ASM reduces risk from web application vulnerabilities 19 hours ago | www.helpnetsecurity.com
application application vulnerabilities asm assets +33

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164
View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057
View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States
View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172
View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote
View on infosec-jobs.com
View more jobs