Bleeping Computer

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
InfoWorld

GitLab 14.8 adds security approval policies, extends SSH support

Update to the GitLab devops platform introduces chainable security approval policies as the replacement for the deprecated Vulnerability-Check feature. Newly arrived GitLab 14.8 updates the software ...
Bleeping Computer

GitLab: Critical bug lets attackers run pipelines as other users

GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. The GitLab DevSecOps platform has ...