Multiple GitLab CE and EE Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-8237 CVSS:6.5

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

CVE-2024-11668 CVSS:4.2

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.

Impact

Denial of Service
Security Bypass

Indicators of Compromise

CVE

CVE-2024-8237
CVE-2024-11668

Affected Vendors

GitLab

Affected Products

GitLab - 17.5.1
GitLab - 17.6
GitLab - 12.6 - 17.5 - 17.6
GitLab - 16.11

Remediation

Upgrade to the latest version of GitLab, available from the GitLab Website.

CVE-2024-8237

CVE-2024-11668

Multiple Google Chrome Vulnerabilities

New Malware and Infrastructure Targeting Critical National Infrastructure by Threat Actors – Active IOCs

Multiple GitLab CE and EE Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan