Serial number: AV24-025
Date: January 12, 2024
On January 11, 2024, GitLab published a security advisory to address critical vulnerabilities in the following products:
- GitLab Community Edition (CE) – multiple versions
- GitLab Enterprise Edition (EE) – multiple versions
Exploitation of some of these vulnerabilities could allow for the impersonation of legitimate users or full system compromise.
Open-source reporting has indicated that proof-of-concept exploit code is available for this vulnerability.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.