Latest GitLab news

GitLab affected by GitHub-style CDN flaw allowing malware hosting

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion.
- Ax Sharma
- April 22, 2024
- 11:05 AM
- 0
Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
- Bill Toulas
- January 24, 2024
- 12:55 PM
- 3
GitLab warns of critical zero-click account hijacking vulnerability

GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
- Bill Toulas
- January 12, 2024
- 12:54 PM
- 0
GitLab urges users to install security updates for critical pipeline flaw

GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
- Bill Toulas
- September 19, 2023
- 01:06 PM
- 0
GitLab 'strongly recommends' patching max severity flaw ASAP

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
- Bill Toulas
- May 24, 2023
- 03:25 PM
- 0
GitLab ‘strongly recommends’ patching critical RCE vulnerability

GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import.
- Bill Toulas
- August 24, 2022
- 03:15 PM
- 0
GitLab security update fixes critical account take over flaw

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.
- Bill Toulas
- June 03, 2022
- 09:55 AM
- 0
Critical GitLab vulnerability lets attackers take over accounts

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.
- Sergiu Gatlan
- April 01, 2022
- 10:52 AM
- 0
New Cerber ransomware targets Confluence and GitLab servers

Cerber ransomware is back, as a new ransomware family adopts the old name and targets Atlassian Confluence and GitLab servers using remote code execution vulnerabilities.
- Lawrence Abrams
- December 07, 2021
- 01:19 PM
- 0
Over 30,000 GitLab servers still unpatched against critical bug

A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched.
- Bill Toulas
- November 02, 2021
- 01:46 PM
- 0
GitHub Actions being actively abused to mine cryptocurrency on GitHub servers

GitHub Actions has been abused by attackers to mine cryptocurrency using GitHub's servers, automatically.The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainers to merge the code back, to alter the original code.
- Ax Sharma
- April 03, 2021
- 05:49 AM
- 2
GitLab Backtracks on Forced Tracking After Negative Feedback

GitLab, the provider of a web-based DevOps platform, reversed course on its decision to implement product usage tracking in the form of third-party telemetry for paying customers who use the company's proprietary products.
- Sergiu Gatlan
- October 24, 2019
- 03:58 PM
- 0
Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes

Attackers are targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories according to reports and leaving behind only a ransom note and a lot of questions.
- Sergiu Gatlan
- May 03, 2019
- 05:42 PM
- 0
GitLab Goes Down After Employee Deletes the Wrong Folder

GitLab.com, a web service for hosting and syncing source code, similar to GitHub, has gone down last night at around 18:00 ET, January 31, and after 11 hours, at the time of publishing, the website is still down.
- Catalin Cimpanu
- February 01, 2017
- 05:06 AM
- 2