Severity
Medium
Analysis Summary
CVE-2024-4278 CVSS:5.5
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
CVE-2024-4099 CVSS:3.1
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-4278
- CVE-2024-4099
Affected Vendors
Affected Products
- GitLab - 16.5
- GitLab - 16.0 - 17.3 - 17.4
Remediation
Refer to the GitLab website for patch, upgrade, or suggested workaround information.
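A version check against the affected ranges given in the Analysis Summary, as an added example that is not part of the original advisory or GitLab's own tooling. The inventory hostnames, the `edition` field and the function names are constructed assumptions.

```python
import re

# (first affected, first fixed) per release branch, copied from the advisory text.
AFFECTED = {
    "CVE-2024-4278": [((16, 5, 0), (17, 2, 8)), ((17, 3, 0), (17, 3, 4)), ((17, 4, 0), (17, 4, 1))],
    "CVE-2024-4099": [((16, 0, 0), (17, 2, 8)), ((17, 3, 0), (17, 3, 4)), ((17, 4, 0), (17, 4, 1))],
}

def parse_version(text):
    """Parse '17.3.2', '17.3.2-ee' or 'v17.4' into a (major, minor, patch) tuple."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def affected_cves(version, edition="ee"):
    """Return the CVE ids from this advisory that apply to the given instance."""
    if edition.lower() != "ee":  # the advisory names GitLab EE only
        return []
    v = parse_version(version)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v < hi for lo, hi in ranges))

def upgrade_target(version):
    """Lowest fixed release for the range the version falls in, or None if unaffected."""
    v = parse_version(version)
    fixes = {hi for ranges in AFFECTED.values() for lo, hi in ranges if lo <= v < hi}
    return ".".join(map(str, min(fixes))) if fixes else None

def triage(inventory):
    """Map each affected host to its applicable CVEs and the release that fixes them."""
    report = {}
    for host, (version, edition) in inventory.items():
        cves = affected_cves(version, edition)
        if cves:
            report[host] = {"cves": cves, "upgrade_to": upgrade_target(version)}
    return report

# Constructed sample inventory: hostname -> (reported version, edition).
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": ("16.4.5-ee", "ee"),
    "gitlab-b.example.internal": ("17.3.3-ee", "ee"),
    "gitlab-c.example.internal": ("17.4.1-ee", "ee"),
    "gitlab-d.example.internal": ("17.3.2", "ce"),
}

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_INVENTORY).items():
        print(host, finding)
```

The ranges are half-open: the first fixed release of each branch (17.2.8, 17.3.4, 17.4.1) is treated as unaffected, matching the "prior to" wording above.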