TapTechNews, May 24 news: the open-source code hosting platform GitLab released an announcement yesterday fixing 1 high-severity and 6 medium-severity vulnerabilities, and urged users to upgrade to the latest version as soon as possible.
The high-severity vulnerability in this announcement is tracked as CVE-2024-4835, a cross-site scripting (XSS) flaw in the VS Code-based editor (Web IDE). By exploiting this XSS, an attacker can fully take over a user's account. The attack does not require authentication, but it does require user interaction (the victim must act on attacker-supplied content), which raises the difficulty of a successful attack.
TapTechNews translated part of GitLab's announcement as follows:
We have released versions 17.0.1, 16.11.3 and 16.10.6 of the GitLab Community Edition (CE) and Enterprise Edition (EE) today.
These versions contain important bug and security fixes, and we strongly recommend that all GitLab users install and upgrade to these versions immediately.
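As an added example (not part of the article or of GitLab's announcement), the following Python check compares a GitLab instance's reported version with the three fixed releases quoted above and says whether an upgrade is still needed. It parses the JSON shape returned by GitLab's GET /api/v4/version endpoint from a constructed sample rather than calling a live instance, and it makes two assumptions that the announcement does not state: a release series newer than 17.0 is treated as already containing the fix, and a series older than 16.10 is treated as having no fix in this announcement.

```python
"""Check whether a GitLab version is at or above the fixed releases named in
the May 2024 patch release (17.0.1, 16.11.3, 16.10.6)."""
import json
import re

# Fixed version per release series, as listed in the announcement.
FIXED_VERSIONS = {
    (17, 0): (17, 0, 1),
    (16, 11): (16, 11, 3),
    (16, 10): (16, 10, 6),
}

# Accepts '16.11.2', 'v16.11.2' and suffixed forms such as '16.11.2-ee'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text):
    """Parse a GitLab version string into a (major, minor, patch) tuple.
    Raises ValueError on anything unrecognised rather than guessing."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return (patched, reason) for a version string.

    Assumptions not stated in the announcement:
    - a series newer than the newest listed (e.g. 17.1.x) shipped after the
      fix and is treated as patched;
    - a series older than the oldest listed has no fix in this announcement
      and is treated as needing an upgrade.
    """
    major, minor, patch = parse_version(version_text)
    series = (major, minor)
    if series in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[series]
        fixed_str = ".".join(map(str, fixed))
        if (major, minor, patch) >= fixed:
            return True, f"{version_text} is at or above fixed release {fixed_str}"
        return False, f"{version_text} is below fixed release {fixed_str}; upgrade"
    newest = max(FIXED_VERSIONS)
    if series > newest:
        return True, (f"{version_text} is from a series newer than "
                      f"{newest[0]}.{newest[1]}; assumed to include the fix")
    return False, (f"{version_text} is from a series older than the oldest "
                   f"patched series; upgrade to a fixed release")


def assess_version_api_response(body):
    """Assess the JSON body returned by GitLab's GET /api/v4/version
    endpoint (shape: {"version": "...", "revision": "..."})."""
    return assess(json.loads(body)["version"])


# Constructed sample responses; these are not from real instances.
SAMPLE_RESPONSES = {
    "vulnerable": '{"version":"16.11.2","revision":"abc1234"}',
    "patched": '{"version":"17.0.1-ee","revision":"def5678"}',
}

if __name__ == "__main__":
    for label, body in SAMPLE_RESPONSES.items():
        ok, reason = assess_version_api_response(body)
        print(f"{label:11s} {'PATCHED' if ok else 'VULNERABLE'}: {reason}")
```

To run this against a real instance, fetch the version endpoint with an access token and pass the response body to `assess_version_api_response`; the version string from `gitlab-rake gitlab:env:info` works with `assess` as well.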