PTA Warns Against Serious Security Flaws Found in GitLab

The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity advisory alerting organizations and developers to multiple high-risk vulnerabilities identified in GitLab Community Edition (CE) and Enterprise Edition (EE). The advisory warns that these flaws affect a wide range of GitLab versions, from 8.0 up to those released before 17.4.2, and pose a significant threat to information security.

According to the PTA, two major vulnerabilities, CVE-2023-3441 and CVE-2024-5005, have been discovered in GitLab’s products. The first, CVE-2023-3441, involves insufficient security warnings when users are granted merge rights to protected branches, potentially increasing the risk of unauthorized changes in critical project code. The second, CVE-2024-5005, enables remote authenticated attackers to exploit the GitLab API, allowing the disclosure of sensitive project information such as templates.

The vulnerabilities have been classified as “high severity” and fall under the threat category of information disclosure. Cybersecurity experts warn that these issues could be exploited to compromise organizational data, especially in environments relying on GitLab for software development and version control. Attackers exploiting these flaws may gain unauthorized access to protected project data, putting intellectual property and sensitive operations at risk.

The PTA has strongly recommended that all GitLab users upgrade immediately to the latest versions made available on GitLab’s official website. Patches resolving the identified issues were released on October 9, 2024, including version 17.4.2, which addresses both CVEs. Failure to apply these updates may leave systems exposed to exploitation and unauthorized data access.

According to the PTA, regular system updates and timely application of security patches are essential for maintaining robust cybersecurity defenses. Organizations using GitLab are urged to review their current installations, apply the recommended upgrades, and adopt proactive security practices to prevent attackers from leveraging known vulnerabilities.
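To act on the recommendation above, an administrator first needs to know whether a given instance falls inside the version range the advisory names (8.0 up to, but not including, 17.4.2). The following is an added example, not code from the PTA or from GitLab: it parses a GitLab version string, compares it against that range, and assesses the JSON returned by GitLab's authenticated `GET /api/v4/version` endpoint. The version-string shape (`MAJOR.MINOR.PATCH` with an optional edition suffix such as `-ee`), the response shape (`{"version": ..., "revision": ...}`) and all sample values are assumptions constructed for the example. The check implements only the range as the advisory states it; any additional fixed versions an operator knows of would have to be added to `FIXED_VERSIONS`.

```python
"""Check whether a GitLab version lies in the range the PTA advisory calls
affected: 8.0 <= version < 17.4.2 (CVE-2023-3441, CVE-2024-5005).

Added example, not from the advisory or from GitLab. The version-string
format, the /api/v4/version response shape and the sample bodies below are
assumptions constructed for illustration.
"""
import json
import re
from typing import Dict, Tuple

# Range exactly as the advisory states it: first affected release and the
# release that fixes both CVEs. Inclusive lower bound, exclusive upper bound.
EARLIEST_AFFECTED: Tuple[int, int, int] = (8, 0, 0)
FIXED_VERSION: Tuple[int, int, int] = (17, 4, 2)

# Assumed format: "17.4.1", "17.4.1-ee", "17.4" (patch defaults to 0).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a GitLab version string into a comparable (major, minor, patch) tuple.

    Raises ValueError when the string does not start with MAJOR.MINOR.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(text: str) -> bool:
    """True when the version is within [8.0, 17.4.2) per the advisory."""
    return EARLIEST_AFFECTED <= parse_version(text) < FIXED_VERSION


def assess_version_response(body: str) -> Dict[str, object]:
    """Assess the JSON body of GET /api/v4/version (the endpoint requires an
    authenticated session or token) and return a short remediation report."""
    data = json.loads(body)
    version = data["version"]
    affected = is_affected(version)
    fixed = ".".join(str(part) for part in FIXED_VERSION)
    return {
        "version": version,
        "affected": affected,
        "action": f"upgrade to {fixed} or later" if affected
                  else "outside the advisory's affected range",
    }


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real instance.
    samples = (
        '{"version": "17.4.1-ee", "revision": "0000000"}',
        '{"version": "17.4.2", "revision": "0000000"}',
        '{"version": "7.14.3", "revision": "0000000"}',
    )
    for sample in samples:
        print(assess_version_response(sample))
```

Run against a live instance by fetching `/api/v4/version` with a read-only token and passing the response body to `assess_version_response`; the tuple comparison avoids the classic string-comparison mistake where `"17.10.0"` sorts before `"17.4.2"`.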
