RedLine Stealer – Active IOCs

January 2, 2025

LokiBot Malware – Active IOCs

January 3, 2025

Multiple GitLab Products Vulnerabilities

January 2, 2025

Severity

Medium

Analysis Summary

CVE-2023-3441 CVSS:6.6

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.

CVE-2024-5005 CVSS:4.3

GitLab Community Edition and Enterprise Edition could allow a remote authenticated attacker to obtain sensitive information. By using API, an attacker could exploit this vulnerability to disclose project templates.

Impact

Information Disclosure

Indicators of Compromise

CVE

CVE-2023-3441
CVE-2024-5005

Affected Vendors

GitLab

Affected Products

GitLab Community Edition (CE) and Enterprise Edition (EE) - 17.4.1
GitLab Community Edition (CE) and Enterprise Edition (EE) - 17.3.4
GitLab Community Edition (CE) and Enterprise Edition (EE) - 17.2.8
GitLab - 8.0

Remediation

Upgrade to the latest version of GitLab, available from the GitLab Website.

CVE-2023-3441

CVE-2024-5005

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

NCSC Alerts on Fortinet Malware

Confucius APT Resurfaces with Stealthy Anondoor Backdoor Framework – Active IOCs

Apache CloudStack Privilege Escalation Flaw

Threat Insights

About Us

Our Leadership

CSR

Connect with Us