GitLab releases emergency security patch, tells users to update immediately


GitLab has published a fix for a critical security vulnerability found in two of its products, with users told to apply the patch immediately.
GitLab is a DevOps software package allowing users to develop, secure, and operate software used by developer teams that need to manage their code remotely, and has some 30 million registered users, including a million paying customers.
The company recently discovered a path traversal flaw, tracked as CVE-2023-2825. This vulnerability allows unauthenticated attackers to read arbitrary files on the server, when certain conditions are met. As a result, threat actors could read sensitive data such as proprietary software code, user credentials, and more, from vulnerable endpoints. No more details are available at this time, with GitLab saying it would say more a month after the patch.
Silver lining
The flaw was given a severity score of 10/10, and was found in GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. Not all older versions are affected, but GitLab still recommends users apply the fix and bring the tools up to version 16.0.1.
“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” GitLab said in a security advisory, published together with the fix. “When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.”
To exploit the flaw, there needs to be an attachment in a public project nested within at least five groups, the researchers said. The silver lining here is that this isn’t the structure found in all GitHub projects. Nevertheles, the company urged everyone to apply the fix, as there are no workarounds for the flaw, and there’s simply too much at stake.
To update the GitLab installation, user should follow the instructions found here.
- To keep your premises secure, make sure to grab one of the best firewalls right now
Via: BleepingComputer
GitLab has published a fix for a critical security vulnerability found in two of its products, with users told to apply the patch immediately. GitLab is a DevOps software package allowing users to develop, secure, and operate software used by developer teams that need to manage their code remotely, and…
Recent Posts
- The 7 Best Prime Day Action Camera Deals for Thrill Seekers (2025)
- Qantas confirms 5.7 million customers impacted by data breach
- Conspiracy theorists are blaming flash floods on cloud seeding — it has to stop
- A Republican state attorney general is formally investigating why AI chatbots don’t like Donald Trump
- I love this Hoto mini electric screwdriver, and it’s cheaper than ever for Prime Day
Archives
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022