Advertisement
Top

GitLab plugs critical flaw in its code repository manager software

November 7, 2016

Via: Help Net Security
Category:

GitLab (the company) has pushed out security updates for both the Community Edition (CE) and Enterprise Edition (EE) of the GitLab software, fixing a critical security flaw in the “import/export project” feature.

“This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users,” the company explained.

Read More on Help Net Security

RELATED PUBLICATIONS

Improving cyber defense with open source SIEM and XDR
NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities
Google, Apple gear to raise tracking tag stalker alarm

Latest Publications

Improving cyber defense with open source SIEM and XDR
FBI takes down BreachForums ransomware website and Telegram channel
NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!