Bleeping Computer

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
Business Wire

GitLab Extends Agentic AI with New Automated Security Remediation, Pipeline Setup, and Delivery Analytics

Agentic SAST Vulnerability Resolution is now generally available, automatically generating ready-to-merge code fixes and helping resolve vulnerabilities before they reach production. Two new agents in ...
Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
InfoQ

GitLab Adds AI Code Assistance with Self-Hosted GitLab 18 Release

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Bleeping Computer

GitLab: Critical bug lets attackers run pipelines as other users

GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. The GitLab DevSecOps platform has ...