Bleeping Computer

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
Bleeping Computer

GitLab warns of critical arbitrary branch pipeline execution flaw

GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. The vulnerability, ...
InfoQ

GitLab Release Brings Protected Container Repositories; Fixes XSS Vulnerability

GitLab has announced the release of version 17.8, which has significant security enhancements, new container repository features, machine learning capabilities, and better deployment tracking. The ...
Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
TechRadar

Security researcher uncovers 17,000 secrets in public GitLab repositories

Researcher Luke Marshall found 17,000 exposed secrets in GitLab Cloud repositories Leaked credentials risk hijacks, cryptomining, and deeper infrastructure compromise Marshall automated scans, earned ...
heise online

Cloud Native: Reusable CI/CD pipelines with GitLab

In many organizations, software teams develop their own CI/CD pipelines to handle recurring tasks such as code checkout, testing, scanning, build and deployment. This individualized approach often ...