GitLab’s recent security patches address critical vulnerabilities, particularly in the Enterprise Edition. The most concerning vulnerability relates to prompt injection attacks within GitLab Duo’s review feature, allowing attackers to exploit hidden prompts in merge request comments. This flaw can lead to the leakage of sensitive information from confidential issues, significantly impacting data security across various organizations.
Additionally, GitLab patched several other vulnerabilities, including a cross-site scripting (XSS) issue in the Kubernetes proxy and authorization bypass in workflows that could jeopardize workflow integrity. Information disclosure vulnerabilities also pose a threat as attackers can access sensitive data through different channels, including GraphQL subscriptions and access control weaknesses. As these vulnerabilities can severely affect customer security, GitLab is urging users to prioritize immediate upgrades to protect their data.
👉 Pročitaj original: Cyber Security News
