Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-3441 CVSS:6.6

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.

CVE-2024-5005 CVSS:4.3

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information. By using API, an attacker could exploit this vulnerability to disclose project templates.

Impact

Information Disclosure

Indicators of Compromise

CVE

CVE-2023-3441
CVE-2024-5005

Affected Vendors

GitLab

Affected Products

GitLab Community Edition (CE) and Enterprise Edition (EE) - 17.4.1
GitLab Community Edition (CE) and Enterprise Edition (EE) - 17.3.4
GitLab Community Edition (CE) and Enterprise Edition (EE) - 17.2.8
GitLab - 8.0

Remediation

Upgrade to the latest version of GitLab, available from the GitLab Website.

CVE-2023-3441

CVE-2024-5005

RedLine Stealer – Active IOCs

LokiBot Malware – Active IOCs

Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan