GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

GitLab addressed arbitrary pipeline execution vulnerabilities multiple times this year, including CVE-2024-6678 last month, CVE-2024-6385 in July, and CVE-2024-5655 in June, all rated critical.

GitLab has upgraded its Community and Enterprise editions to fix a critical vulnerability which allowed malicious actors to run pipeline jobs as any other platform user. In its patch release notes ...