Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-4006 CVSS:4.3

GitLab Community Edition (CE) and Enterprise Edition (EE) could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in Personal Access Token scopes. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-4024 CVSS:7.3

GitLab Community Edition (CE) and Enterprise Edition (EE) could allow a remote authenticated attacker to gain elevated privileges on the system. By using Bitbucket as an OAuth provider, an attacker could exploit this vulnerability to perform account takeover.

Impact

Privilege Escalation
Information Disclosure

Indicators of Compromise

CVE

CVE-2024-4006
CVE-2024-4024

Affected Vendors

GitLab

Affected Products

GitLab Community Edition 16.11.0
GitLab Community Edition 16.10.3
GitLab Community Edition 16.9.5
GitLab Enterprise Edition 16.9.5
GitLab Enterprise Edition 16.10.3
GitLab Enterprise Edition 16.11.0

Remediation

Refer to GitLab Website for patch, upgrade, or suggested workaround information.

GitLab Website

R00TK1T’s Digital Onslaught: Unleashing Chaos on Pakistan

ANONYMOUS Group Initiates DDoS Attacks on Saudi Arabian Websites

Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan