December 11, 2023

GitLab is a web-based DevOps life cycle platform providing an open-source license from GitLab Inc. to offer wiki, problem tracking, and continuous pipeline integration and deployment capabilities. GitLab fixed many Vulnerabilities including high impact security flaws.

GitLab’s GraphQL API, a cross-site request forgery (CSRF) has developed a mechanism for an attacker to call modifications while they are impersonating as their victims.

The Gitlab Webhook feature could be exploited for denial- of service (DoS) attacks because of a second high-level security vulnerability.

Afewgoats‘ researchers have identified DoS vulnerability and reported it through a HackerOne-operated GitLab bug reward program.

“The webhook connections usually have timeouts set, but badly-behaving webserver can bypass them and keep the connection open for days.” afewgoats explained.

Through updating installations to a new version of GitLab, CRSF and DoS issues and a range of minor errors can be rectified.

As a security advisory from GitLab, the platform upgrade addresses 15 medium severity and two low-impact issues. These add-on vulnerabilities also include a clipboard DOM-based cross-site scripting (XSS) issue, a reflected XSS in release edit pages, and the audit log problem of the stored XSS

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d