GitLab修補重大層級的管道執行漏洞
支付動態 · 2024-09-16
本月GitLab推出重要修補更新,一口氣緩解17個漏洞,其中被評為重大層級的CVE-2024-6678相當值得留意,原因是該漏洞涉及自動化工作Pipeline
上週GitLab發布社群版(CE)及企業版(EE)17.3.2、17.2.5、17.1.7版更新,總共修補17個漏洞,其中最值得留意的是被列為重大層級的CVE-2024-6678,此漏洞影響8.14以後的版本,允許攻擊者在特定的環境下,以任意使用者觸發自動化工作Pipeline機制,CVSS風險評為9.9分(滿分10分)。
值得留意的是,針對能濫用Pipeline機制的漏洞,GitLab已在6月、7月修補相關漏洞。今年6月,他們修補了CVE-2024-5655,隔月緩解CVE-2024-6385,這兩個漏洞皆為重大層級,CVSS風險評分為9.6。
附帶一提的是,這次GitLab也公布4個高風險漏洞,分別是:CVE-2024-8124、CVE-2024-8635、CVE-2024-8640、CVE-2024-8641,CVSS評分介於6.7至8.5。
Popular articles
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry
HUIDU Focus
HUIDU Invites You to Booth T70 at iGB L!VE 2026 — Let’s Ignite London This July!
HUIDU Focus
UK MPs reopen 2025 gambling inquiry as reform stalls
Regulation
Across 6 Cities: HUIDU Invites You to 8 World Cup Parties Redefining High-Value Social Networking
HUIDU Focus
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Kazakhstan plans to penalise online casino promotions
Regulation
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
