CVE-2024-6356

Summary

CVE-2024-6356 is a vulnerability affecting GitLab Enterprise Edition (EE). This issue, present in all versions of GitLab EE starting from 16.0 to 17.2.2, enables the Security policy bot to gain cross-project access. This means an attacker could potentially manipulate security policies across multiple projects, posing a significant risk to data confidentiality and integrity. GitLab urges users to update to the latest versions, 17.0.6, 17.1.4, and 17.2.2, to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.