CVE-2023-2478 - How Unauthorized Users Can Attach Malicious Runners in GitLab Projects
Published: June 2024
Severity: Critical
Affected Platforms: GitLab CE/EE
Impact: Malicious code execution, supply chain compromise
CISA Alert: cisa.gov
What is CVE-2023-2478?
CVE-2023-2478
CVE-2018-17537 - Stored XSS in GitLab via package.json – How It Worked and Why It Mattered
GitLab is one of the world’s most popular platforms for hosting Git repositories and supporting DevOps workflows. But even powerful and trusted tools are
CVE-2018-17536 - How a Stored XSS on GitLab Merge Requests Was Possible via Project Import (With Exploit Details)
In 2018, a serious security issue—CVE-2018-17536—was discovered in GitLab, one of the world’s most widely used code collaboration platforms. This vulnerability affected
CVE-2018-17452 - Exploiting SSRF via validate_localhost in GitLab (with Code and Full Details)
In 2018, researchers discovered a critical security bug in multiple versions of GitLab: CVE-2018-17452. This weakness allows Server-Side Request Forgery (SSRF) by bypassing protections that
CVE-2018-17453 - Stealing GitLab Access Tokens From Sentry Logs via gRPC::Unknown Exception
In late 2018, a serious vulnerability—CVE-2018-17453—was found in GitLab Community and Enterprise Editions. This bug put some access tokens at risk, potentially allowing