May 14, 2024

GitLab has released critical security updates for versions 16.10.1, 16.9.3, and 16.8.5 of its popular Git management software. These patches address vulnerabilities that could expose users to attacks ranging from malicious code execution to system outages.

CVE-2023-6371 (High severity) is a stored XSS vulnerability in Wiki Pages. An attacker could inject malicious script into a Wiki page; when another user views that page, the script executes in their browser and could steal credentials, alter content, or take other harmful actions on their behalf.

CVE-2024-2818 (Medium severity) is a Denial-of-Service (DoS) via emojis. An attacker could craft messages containing emojis in a way that overwhelms GitLab's processing, causing a DoS that disrupts collaboration or takes critical workflows offline.


Both GitLab Community Edition (CE) and Enterprise Edition (EE) are affected, and users of either must prioritize updating to the latest patched versions. The longer you wait, the more time attackers have to potentially exploit these weaknesses.
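The first thing an administrator wants after reading an advisory like this is a quick way to triage an inventory of instances against the patched releases it names. The following is an added example, not GitLab's own tooling: it compares a GitLab version string against the three patched releases stated above (16.10.1, 16.9.3, 16.8.5). The hostnames and versions in the sample inventory are constructed, and the assumption that release lines newer than 16.10 already carry these fixes is the author's, not something the post states.

```python
"""Triage GitLab version strings against the patched releases in the advisory.

Added example (not GitLab's own tooling). The patched-version table comes from
the advisory text; the sample inventory below is constructed.
"""
import re

# Patched releases named in the advisory, keyed by (major, minor) release line.
PATCHED = {
    (16, 10): (16, 10, 1),
    (16, 9): (16, 9, 3),
    (16, 8): (16, 8, 5),
}

# Accepts "16.10.1", "16.10.1-ee" or "16.10.1-ce" (the suffix is ignored).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(?:ee|ce))?$")


def parse_version(text):
    """Parse a GitLab version string into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3))


def assess(version_text):
    """Classify a version relative to the advisory.

    Returns one of:
      'patched'    - on a covered line, at or above the patched release
      'vulnerable' - on a covered line, below the patched release
      'older-line' - on a line older than 16.8; no patched release exists for it,
                     so the instance must move to a patched line
      'newer-line' - on a line newer than 16.10; assumed (not stated by the
                     advisory) to already include these fixes
    """
    major, minor, patch = parse_version(version_text)
    line = (major, minor)
    if line in PATCHED:
        return "patched" if (major, minor, patch) >= PATCHED[line] else "vulnerable"
    if line > max(PATCHED):
        return "newer-line"
    return "older-line"


def triage(inventory):
    """Map each host to its assessment; inventory is an iterable of (host, version)."""
    return {host: assess(version) for host, version in inventory}


def needs_update(inventory):
    """Return the sorted hosts that still require action (vulnerable or older-line)."""
    report = triage(inventory)
    return sorted(h for h, status in report.items() if status in ("vulnerable", "older-line"))


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("git-prod.example.internal", "16.10.0-ee"),
    ("git-staging.example.internal", "16.10.1-ee"),
    ("git-legacy.example.internal", "16.8.4"),
    ("git-lab.example.internal", "16.9.3"),
    ("git-archive.example.internal", "16.7.9"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:32} {status}")
    print("needs update:", ", ".join(needs_update(SAMPLE_INVENTORY)))
```

Version comparison is done on integer tuples rather than strings so that 16.10.x sorts after 16.9.x; a naive string compare would get that backwards and mark a patched 16.10.1 instance as vulnerable.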

GitLab’s proactive disclosure, including crediting the security researchers who discovered the problems, highlights the importance of responsible vulnerability reporting. Additionally, this update includes:

  • PostgreSQL Upgrade: Improves security and performance of the underlying database.
  • Bug Fixes: Addresses various stability and usability issues.

Staying Secure with GitLab: Best Practices
