EUVD-2024-49319

Malicious code in bioql PyPI...

EUVD-2024-50966

Malicious code in bioql PyPI...

CVE-2024-8641

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

CVE-2024-12570

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

BIT-GITLAB-2024-12570 Privilege Context Switching Error in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

CVE-2024-12570

GitLab CVE-2024-12570 affects GitLab CE/EE versions: 13.7–17.4.5, 17.5.0–17.5.3, and 17.6.0–17.6.1 (i.e., all versions starting from 13.7 prior to 17.4.6; 17.5 prior to 17.5.4; 17.6 prior to 17.6.2). The issue could allow an attacker with a victim's CI_JOB_TOKEN to obtain the victim's GitLab sess...

CVE-2024-12570 Privilege Context Switching Error in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

CVE-2024-12570

Removed by vendor...

BIT-GITLAB-2024-8641 Privilege Context Switching Error in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

FreeBSD : Gitlab -- vulnerabilities (bcc8b21e-7122-11ef-bece-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bcc8b21e-7122-11ef-bece-2cf05da270f3 advisory. Gitlab reports: Execute environment stop actions as the owner of the stop action job Prevent...

CVE-2024-8641 Privilege Context Switching Error in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...

GitLab: An attacker can run pipeline jobs as arbitrary user

Summary An attacker can run arbitrary pipeline jobs as a victim user. This means the attacker can access the user private repositories, member only repositories, registry, etc... by using the victim CIJOBTOKEN token. This is only my recent research and I wanted to report it as soon as possible. I...