Bleeping Computer

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
Bleeping Computer

GitLab: Critical bug lets attackers run pipelines as other users

GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. The GitLab DevSecOps platform has ...
InfoWorld

GitLab unveils GitLab 17, AI for devsecops

GitLab Duo Enterprise will bring AI assistance to finding and fixing vulnerabilities and other aspects of the software development life cycle. GitLab has unveiled GitLab 17, a major update of its ...
Business Wire

GitLab Recognized as Leader by Independent Research Firm in DevOps Platforms Report

SAN FRANCISCO--(BUSINESS WIRE)--All Remote - GitLab Inc., the most comprehensive, intelligent DevSecOps platform, today announced it has been named a Leader by Forrester Research in The Forrester ...
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
Ars Technica

Researchers cause GitLab AI developer assistant to turn safe code malicious

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a ...