New GitLab Vulnerability Enables Unauthorized Pipeline Execution

GitLab recently released a security advisory warning of a critical vulnerability impacting its GitLab Community and Enterprise editions that would let threat actors run unauthorized pipeline jobs. The flaw, tracked as CVE-2024-6385 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6385], has a CVSS severity score of 9.6 out of 10 and was flagged as critical. It affects all GitLab Community and Enterprise versions 15.8 through 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Vulnerability Le