GitLab discloses high-severity vulnerability: unauthenticated attackers can launch XSS attacks to take over accounts
Payment News · 2024-05-24

This week GitLab released updates for both Community Edition (CE) and Enterprise Edition (EE) that patch a series of vulnerabilities. The one most worth attention is the high-severity flaw CVE-2024-4835, which can be triggered through the web IDE; left unpatched, an attacker can use it to leak users' sensitive information.

On 22 May GitLab published versions 17.0.1, 16.11.3 and 16.10.6 of CE and EE, fixing seven vulnerabilities. One of them is rated high severity and deserves particular attention.

The high-severity flaw is CVE-2024-4835, a one-click account takeover vulnerability. An attacker who is not authenticated to the target instance can craft a malicious web page that, when a logged-in user opens it, triggers the flaw in the Visual Studio Code editor (web IDE) to perform a cross-site scripting (XSS) attack. The injected script can exfiltrate the user's sensitive information and potentially take over the account. It carries a CVSS score of 8.0. Because exploitation requires a victim to click or visit a page while signed in, the practical risk is highest for instances whose users can be reached by phishing links; the fix is to upgrade to 17.0.1, 16.11.3 or 16.10.6.

Among the remaining medium-severity flaws, the most dangerous are a denial-of-service (DoS) vulnerability in the runner description field, CVE-2024-2874, and a cross-site request forgery (CSRF) vulnerability in the Kubernetes cluster integration, CVE-2023-7045, with CVSS scores of 6.5 and 5.4 respectively.
