Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
Bleeping Computer

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
Bleeping Computer

GitLab warns of critical arbitrary branch pipeline execution flaw

GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. The vulnerability, ...
CSOonline

Gitlab fixes bug that exploited internal policies to trigger hostile pipelines

Gitlab has released two patched releases, 16.2.7 and 16.3.4 for the Enterprise (EE) and Community (CE) editions of the DevOps platform in response to a critical severity bug discovered through its ...
Nasdaq

GitLab (GTLB) Expands AI Momentum With Latest Duo Updates

GitLab GTLB recently announced updates to GitLab Duo, including the beta of GitLab Duo Chat, which will be available in the GitLAb 16.6 November product release. GitLab Duo increases team ...
InfoWorld

GitLab Enterprise 9 tweaks user management, application monitoring

The new features show GitLab remaining as interested in the full lifecycle of software development as it is in code hosting GitLab, open source competitor to GitHub and Bitbucket, has rolled out ...