GitLab Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in GitLab products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8114

  • GitLab CE/EE versions: 8.12 (inclusive) ~ 17.4.5 (excluded)
  • GitLab CE/EE versions: 17.5 (inclusive) ~ 17.5.3 (excluded)
  • GitLab CE/EE versions: 17.6 (inclusive) ~ 17.6.1 (excluded)

Resolved Vulnerabilities

Vulnerability that could allow an attacker to escalate privileges via Personal Access Token (PAT) (CVE-2024-8114)

Vulnerability Patches

Patches for the vulnerability are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-8114

  • GitLab CE/EE version: 17.4.5
  • GitLab CE/EE version: 17.5.3
  • GitLab CE/EE version: 17.6.1
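
The affected ranges and patched versions listed in this advisory can be applied to an instance inventory as follows. This is an added example, not part of the original advisory or of GitLab's tooling; the function names, host names and sample versions are constructed, and it assumes version strings of the form "17.5.2" or "17.5.2-ee".

```python
import re

# Affected ranges for CVE-2024-8114 as listed in this advisory:
# (first affected version, inclusive; first patched version, exclusive).
AFFECTED_RANGES = [
    ((8, 12, 0), (17, 4, 5)),
    ((17, 5, 0), (17, 5, 3)),
    ((17, 6, 0), (17, 6, 1)),
]

def parse_version(text):
    """Parse '17.5.2', '17.5.2-ee' or 'v17.5' into (major, minor, patch).
    A missing patch component is read as 0, which errs towards 'affected'."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def fixed_version_for(text):
    """Return the patched version closing the range the given version falls in,
    or None when the version is outside every affected range."""
    v = parse_version(text)
    for first, fixed in AFFECTED_RANGES:
        if first <= v < fixed:
            return ".".join(map(str, fixed))
    return None

def triage(inventory):
    """Map each host to 'ok', 'update to X.Y.Z', or 'review' (unparseable)."""
    report = {}
    for host, version in inventory.items():
        try:
            fixed = fixed_version_for(version)
        except ValueError:
            report[host] = "review"  # never treat an unknown version as safe
            continue
        report[host] = f"update to {fixed}" if fixed else "ok"
    return report

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "gitlab-a": "17.4.4-ee",
    "gitlab-b": "17.5.3",
    "gitlab-c": "17.6.0",
    "gitlab-d": "16.11.10-ce",
    "gitlab-e": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```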

Referenced Sites

[1] CVE-2024-8114 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-8114

[2] GitLab Patch Release: 17.6.1, 17.5.3, 17.4.5

https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/