Tag: gitlab
-
Hack The Box "Ghost" Challenge Cracked: A Detailed Technical Exploit
in SecurityNews
Cybersecurity researcher >>0xdf>Ghost
-
Europcar GitLab breach exposes data of up to 200,000 customers
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/
-
Why So Many Employee Phishing Training Initiatives Fall Short
During the work-from-home boom of 2020, GitLab, a company that largely employs tech-savvy individuals, decided to test its security by sending fake phishing messages to its WFH workers. About one out of every five tested employees fell for it, and… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/why-so-many-employee-phishing-training-initiatives-fall-short/
-
GitLab fixes critical SSO bypass vulnerabilities in update
First seen on scworld.com Jump to article: www.scworld.com/news/gitlab-fixes-critical-sso-bypass-vulnerabilities-in-update
-
GitLab addressed critical auth bypass flaws in CE and EE
GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. GitLab CE/EE versions 17.7.7, 17.8.5,…
-
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities/
-
GitLab Identifies Security Vulnerabilities Enabling Attacker Logins as Valid Users
GitLab announced the release of versions 17.9.2, 17.8.5, and 17.7.7 for both its Community Edition (CE) and Enterprise Edition (EE). These updates include crucial bug and security fixes, urging all self-managed installations to upgrade promptly to protect against several critical vulnerabilities. Impact of the Vulnerabilities Two significant security issues identified in third-party gems used by…
-
Without User Interaction: How Hackers Were Able to Take Over Other People's GitLab Accounts
Last year GitLab closed a dangerous security vulnerability. A new report shows how easily it could be used to hijack other people's accounts. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-per-passwort-reset-fremde-gitlab-konten-infiltriert-2503-193884.html
-
Security Vulnerability: Other People's GitLab Accounts Infiltrated via Password Reset
Last year GitLab closed a dangerous security vulnerability. A new report shows how easily it could be used to hijack other people's accounts. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-per-passwort-reset-fremde-gitlab-konten-infiltriert-2503-193884.html
-
GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts
GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that could allow attackers to bypass security mechanisms, execute malicious scripts, and access sensitive data. The patches, included in versions 17.9.1, 17.8.4, and 17.7.6 for both Community Edition (CE) and Enterprise Edition (EE), mitigate critical risks affecting Kubernetes integrations, dependency management,…
-
Implementing a Software Bill of Materials: The Best SBOM Tools
Tags: api, business, compliance, container, cyberattack, data, docker, gartner, github, gitlab, healthcare, linux, monitoring, open-source, risk, saas, sbom, service, software, tool, update, vulnerability
Only if you know what is inside can you be sure that everything is above board. That applies to fast food as much as to software. To secure software, you have to know what is in its code. For this reason, a software bill of materials (SBOM) is indispensable today. The SolarWinds attack and the Log4j vulnerability…
-
Security Vulnerabilities: GitLab Developers Advise Updating Promptly
GitLab is vulnerable to DoS attacks, among other things. In addition, confidential information can leak. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsluecken-Gitlab-Entwickler-raten-zu-zuegigem-Update-10281262.html
-
GitLab Security Update Patch for Multiple Vulnerabilities
GitLab, the widely adopted DevOps platform, has announced the immediate release of versions 17.8.1, 17.7.3, and 17.6.4 for both its Community Edition (CE) and Enterprise Edition (EE). These updates address multiple security vulnerabilities and provide critical fixes, underscoring GitLab’s commitment to maintaining the highest security standards. The vulnerabilities addressed in these updates include a high-severity Stored XSS via…
-
Gitlab Patches Multiple Vulnerabilities Including Resource Exhaustion User Manipulation
GitLab has announced the release of critical updates to its Community Edition (CE) and Enterprise Edition (EE), specifically versions 17.7.1, 17.6.3, and 17.5.5. These updates are essential for maintaining security and stability across all self-managed GitLab installations and should be implemented immediately. The company has already rolled out the patched version on GitLab.com, and GitLab…
-
GitLab CISO on proactive monitoring and metrics for DevSecOps success
In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/09/josh-lemos-gitlab-devsecops-success/
-
Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal
Byte Federal says the personal information of 58,000 was compromised after a GitLab flaw allowed attackers to access a server. The post Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hackers-possibly-stole-personal-data-from-bitcoin-atm-operator-byte-federal/
-
Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitcoin-atm-firm-byte-federal-hacked-via-gitlab-flaw-58k-users-exposed/
-
GitLab Security Update, Patch for Critical Vulnerabilities
GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6 address several high-severity vulnerabilities, and GitLab strongly recommends that all self-managed installations be upgraded immediately. It is worth noting that GitLab.com is already running the patched version, while GitLab-dedicated customers…
-
Recovery and Backup for GitHub, GitLab and Bitbucket – HYCU Enables Code Without Risk of Data Loss
First seen on security-insider.de Jump to article: www.security-insider.de/hycu-unterstuetzt-github-gitlab-data-protection-a-ac1b75e41a693e8ee1674848f71193c3/
-
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments
Kudelski Security has developed an open-source solution named YouShallNotPass (YSNP) to enhance the security of GitLab and GitHub pipelines. YSNP vali… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/01/youshallnotpass-hardening-ci-cd-pipelines-on-mission-critical-environments/
-
High-Risk Security Vulnerability in PostgreSQL: GitLab Is Not Patching (Yet)
A known vulnerability allows ordinary users to inject commands into PostgreSQL. An update is available. GitLab has not installed it so far. First seen on heise.de Jump to article: www.heise.de/news/Hochriskante-Sicherheitsluecke-in-PostgreSQL-Gitlab-patcht-noch-nicht-10181730.html
-
Critical Gitlab Vulnerability Let Attackers Escalate Privileges
GitLab, a widely used platform for DevOps lifecycle management, has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address multiple vulnerabilities, including a high-severity issue that could allow attackers to escalate privileges via compromised tokens. The company strongly advises all self-managed GitLab installations to upgrade immediately to the…
-
Updates Available: Multiple Security Vulnerabilities Threaten GitLab
Several software vulnerabilities threaten the Community Edition and the Enterprise Edition of GitLab. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsluecken-Entwickler-ruesten-Gitlab-gegen-unbefugte-Zugriffe-10035049.html
-
GitLab Patches HTML Injection Flaw Leads to XSS Attacks
GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address a high-s… First seen on gbhackers.com Jump to article: gbhackers.com/gitlab-patches-html-injection-flaw/
-
Internet Archive was breached twice in a month
The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet… First seen on securityaffairs.com Jump to article: securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html
-
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug … First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html