GitLab Flaw Lets Attackers Run Code via CI Builds

GitLab has released security updates for its collaborative development platform. The releases, GitLab 15.11.2, 15.10.6, and 15.9.7, fix a critical vulnerability (CVE-2023-2478) that allowed an authenticated user to attach their own runner (the agent that executes a project's build jobs in GitLab's continuous integration system) to any project on the same instance by manipulating requests to the GraphQL API. Because a project's CI jobs, together with the source and secrets passed to them, are handed to whichever runner is attached, attaching an attacker-controlled runner amounts to executing arbitrary code in that project's build context.

Details of how the flaw is exploited have not yet been published. The vulnerability was reported to GitLab through its bug bounty program. The fixed releases close the authorization gap; administrators of self-managed instances should upgrade to the fixed version on their release branch and review which runners are attached to their projects.
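As an added example (not code from the article or from GitLab), the two checks an administrator would want after reading the advisory: whether a given GitLab version string is at or above the fixed release on its branch, and whether any project-scoped runner is attached that the project owners did not register. The fixed versions are the three named above; it is an assumption that release branches newer than 15.11 carry the fix and that branches older than 15.9, which received no fix release, should move to the oldest fixed line. The runner records use the field names of GitLab's REST runner objects (`id`, `description`, `runner_type`), and the sample runner list is constructed for the example.

```python
import re

# Fixed releases named in the advisory, keyed by release branch (major, minor).
FIXED_PATCH = {
    (15, 11): 2,
    (15, 10): 6,
    (15, 9): 7,
}
OLDEST_FIXED_BRANCH = min(FIXED_PATCH)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Return (major, minor, patch) from strings such as '15.10.5', 'v15.9.7' or '15.11.2-ee'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version):
    """True if this version contains the CVE-2023-2478 fix.

    Assumption: branches newer than 15.11 include the fix. Branches older than
    15.9 got no fix release, so they are reported as unpatched.
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch >= FIXED_PATCH[branch]
    return branch > max(FIXED_PATCH)


def upgrade_target(version):
    """Fixed release to move to, or None if the version is already fixed."""
    if is_fixed(version):
        return None
    branch = parse_version(version)[:2]
    if branch not in FIXED_PATCH:
        # Assumption: unsupported older branches move to the oldest fixed line.
        branch = OLDEST_FIXED_BRANCH
    return "%d.%d.%d" % (branch[0], branch[1], FIXED_PATCH[branch])


# Constructed sample of project runner records (field names follow GitLab's
# REST runner objects; the values are invented for this example).
SAMPLE_RUNNERS = [
    {"id": 101, "description": "team-build-1", "runner_type": "project_type"},
    {"id": 7, "description": "shared-docker", "runner_type": "instance_type"},
    {"id": 102, "description": "team-build-2", "runner_type": "project_type"},
    {"id": 555, "description": "team-build-3", "runner_type": "project_type"},
]


def unexpected_runners(runners, allowed_ids):
    """IDs of project-scoped runners that are not on the owners' allowlist.

    Instance- and group-scoped runners are managed by administrators and are
    skipped. The match is on the numeric runner id, never on the description,
    because whoever registers a runner chooses its description.
    """
    return sorted(
        r["id"]
        for r in runners
        if r.get("runner_type") == "project_type" and r["id"] not in allowed_ids
    )


if __name__ == "__main__":
    for v in ("15.11.1", "15.10.6-ee", "v15.9.7", "15.8.9", "16.0.0"):
        state = "fixed" if is_fixed(v) else f"vulnerable, upgrade to {upgrade_target(v)}"
        print(f"{v:12s} {state}")
    print("runners to investigate:", unexpected_runners(SAMPLE_RUNNERS, {101, 102}))
```

The allowlist is the set of runner ids the project owners registered themselves; anything else of `project_type` is a runner that arrived by another route and should be removed from the project and investigated, since jobs already dispatched to it ran under its control.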

GitLab is a widely used collaborative development platform whose project management and CI/CD features make it a high-value target: a flaw that lets one authenticated user take over the build pipeline of any project on an instance affects every project hosted there, not only the attacker's own. The fix restores the expectation that only a project's own maintainers control which runners execute its jobs.

/Reports, release notes, official announcements.