GitLab CE/EE Product Security Update Advisory (CVE-2024-0199, CVE-2024-1299)
Overview
An update has been made available to address vulnerabilities in the GitLab CE/EE product. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-0199
- GitLab CE/EE 11.3 or later and prior to 16.7.7
- GitLab CE/EE 16.7.6 or later and prior to 16.8.4
- GitLab CE/EE 16.8.3 or later and prior to 16.9.2
CVE-2024-1299
- GitLab CE/EE 16.8 or later and prior to 16.8.4
- GitLab CE/EE 16.9 or later and prior to 16.9.2
Resolved Vulnerabilities
Authorization bypass vulnerability in which CODEOWNERS protection could be bypassed by leveraging a payload created in a feature branch (CVE-2024-0199)
Vulnerability that could allow rotation of manage_group_access_tokens with Owner privileges if a custom role exists (CVE-2024-1299)
Vulnerability Patches
Vulnerability patches were made available in the March 6, 2024 update. Please follow the instructions on the Referenced Sites to update to a patched version.
Patched versions: GitLab CE/EE 16.9.2, 16.8.4, and 16.7.7
Referenced Sites
[1] CVE-2024-0199 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-0199
[2] CVE-2024-1299 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-1299
[3] GitLab Security Release: 16.9.2, 16.8.4, 16.7.7
https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/