1.0 Introduction
Recently, GitLab has released an important security patch, prior version to 16.10.10, for both GitLab Community Edition (CE) and Enterprise Edition (EE).
2.0 Impact
The vulnerabilities could allow an attacker to exploit GitLab instances to gain access to sensitive data or perform unauthorized actions. This may result in the compromise of user data, code repositories, or other critical infrastructure managed through GitLab.
3.0 Affected system/product/version
- Multiple version of GitLab CE/EE
4.0 Recommendations
CyberSecurity Malaysia strongly encourages GitLab users and administrators to upgrade to latest version as soon as possible to mitigate the risk of exploitation. The following update instructions are available on GitLab’s official website:
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Users are also advised to review and follow GitLab’s https://about.gitlab.com/releases/categories/releases/
Cyber999 advises users to stay updated with the latest security patches and announcements from GitLab to ensure their systems remain secure. Additionally, implementing best practices in securing GitLab instances, such as access control and regular backups, is highly recommended.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:3the 0 MYT
Web:
https://www.mycert.org.my
5.0 References