May 9, 2024
Severity
Medium
Analysis Summary
CVE-2023-6477 CVSS:6.7
GitLab EE could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-3509 CVSS:6.1
GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to change the title of privately accessible deploy keys associated with projects in the group.
CVE-2024-1525 CVSS:5.3
GitLab Community and Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the password reset feature. By sending a specially crafted request using a verified secondary email address, an attacker could exploit this vulnerability to reset the password and sign in using direct authentication.
CVE-2024-0410 CVSS:7.7
GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request using a merge conflict, an attacker could exploit this vulnerability to bypass CODEOWNERS approvals.
CVE-2023-4895 CVSS:4.3
GitLab Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information, caused by a group IP restriction settings bypass flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain environment details of projects, and use this information to launch further attacks against the affected system.
CVE-2024-0861 CVSS:4.3
GitLab Enterprise Edition could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to change custom dashboard project settings.
Impact
- Privilege Escalation
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2023-6477
- CVE-2023-3509
- CVE-2023-4895
- CVE-2024-0861
- CVE-2024-1525
- CVE-2024-0410
Affected Vendors
- GitLab
Affected Products
- GitLab Enterprise Edition 12.0
- GitLab Enterprise Edition 16.5.0
- GitLab Enterprise Edition 16.4.0
- GitLab Community Edition 16.8.0
- GitLab GitLab 16.8
- GitLab GitLab 16.9
- GitLab Enterprise Edition 16.8
- GitLab Enterprise Edition 16.9
- GitLab Enterprise Edition 16.1.0
- GitLab Community Edition 16.1.0
- GitLab Community Edition 16.9
- GitLab GitLab 15.1
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.
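An added inventory check, not part of this advisory, that compares a GitLab instance's running version against the affected versions listed above. It reads the version through GitLab's authenticated `GET /api/v4/version` endpoint; the base URL, token and the sample API response are constructed assumptions so the script also runs offline.

```python
import json
import re
import urllib.request

# Affected versions as listed in the advisory above, duplicates merged.
# The list names versions rather than ranges, so an entry with a patch number
# ("16.8.0") is matched exactly and a two-part entry ("16.8") is treated as
# the whole 16.8.x series. This is an assumption about the advisory's intent.
ADVISORY_AFFECTED = ["12.0", "16.5.0", "16.4.0", "16.8.0", "16.8", "16.9", "16.1.0", "15.1"]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from strings like '16.8.1-ee'; patch is None if absent."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)


def matching_entries(installed, affected=ADVISORY_AFFECTED):
    """List the advisory entries the installed version falls under (empty if none)."""
    maj, mnr, pat = parse_version(installed)
    hits = []
    for entry in affected:
        e_maj, e_mnr, e_pat = parse_version(entry)
        if (e_maj, e_mnr) != (maj, mnr):
            continue
        if e_pat is None or e_pat == pat:  # series entry, or exact patch match
            hits.append(entry)
    return hits


def instance_version(base_url, token):
    """Fetch the running version from GitLab's GET /api/v4/version endpoint."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/api/v4/version",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Constructed sample response in the shape GitLab returns, used instead of a live call.
    sample = json.loads('{"version": "16.8.1-ee", "revision": "0000000"}')
    hits = matching_entries(sample["version"])
    status = "listed as affected" if hits else "not in the advisory list"
    print(f"GitLab {sample['version']}: {status} {hits}")
    # Live use: instance_version("https://gitlab.example.invalid", "<PRIVATE-TOKEN>")
```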