Categories
Newscasts

The latest in sports

Spread the news

Two major injury setbacks for the Dolphins and 49ers, an all-around performance headlines the action as two AP Top 25 team clash, the Yankees pad their lead atop the AL East while the Orioles are nearly no-hit, two potential postseason previews in the National League and more. Correspondent Gethin Coolbaugh reports.

Spread the news
Categories
Newscasts

Tatís homers, Cease strikes out 10 as Padres blank Giants 5-0

Spread the news

The Padres catch up with the Diamondbacks in the wild-card standings. AP correspondent Dave Ferry reports.

Spread the news
Categories
Newscasts

Yusei Kikuchi, Yordan Alvarez lead Astros past Angels 5-3 for Houston’s 5,000th victory

Spread the news

The Astros halt their skid and keep their 4 1/2-game lead in the AL West. AP correspondent Dave Ferry reports.

Spread the news
Categories
Newscasts

Hoskins homers, Brewers extend NL Central lead with 2-1 win over Diamondbacks

Spread the news

The Brewers drop their magic number to five for clinching the NL Central. AP correspondent Dave Ferry reports.

Spread the news
Categories
Newscasts

1AM ET 09/14/2024 Newscast

Spread the news

1AM ET 09/14/2024 Newscast
Learn more about your ad choices. Visit megaphone.fm/adchoices

Spread the news
Categories
Full Text Articles - Audio Posts

GitLab fixed a critical flaw in GitLab CE and GitLab EE

Spread the news

GitLab addressed multiple vulnerabilities impacting GitLab CE/EE, including a critical pipeline execution issue.

GitLab released security patches for 17 vulnerabilities in GitLab CE (Community Edition) and EE (Enterprise Edition).

One of these vulnerabilities is a critical pipeline execution flaw, tracked as CVE-2024-6678 (CVSS score of 9.9), that could allow an attacker to trigger a pipeline as an arbitrary user under certain circumstances.

“An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.” reads the company’s advisory. “It is now mitigated in the latest release and is assigned CVE-2024-6678.

yvvdwf reported the issue to the company through the company bug bounty program operated by HackerOne.

GitLab also fixed a high severity issue, tracked as CVE-2024-8640 (CVSS score of 8.5), in GitLab EE. An attacker can exploit the flaw to inject commands into a connected Cube server.

“An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.” reads the advisory.

joaxcar reported this vulnerability through our HackerOne bug bounty program.

The company also fixed several medium and low-severity vulnerabilities that could lead to protection bypasses, privilege escalation, unauthorized read access to private project source code, GitLab token retrieval, account takeover, and information leaks.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, GitLab CE


Spread the news
Categories
Newscasts

NPR News: 09-14-2024 1AM EDT

Spread the news

NPR News: 09-14-2024 1AM EDT Learn more about sponsor message choices: podcastchoices.com/adchoices NPR Privacy Policy

Spread the news
Categories
Newscasts

VOA Newscasts

Spread the news

Give us 5 minutes, and we’ll give you the world. Around the clock, Voice of America keeps you in touch with the latest news. We bring you reports from our correspondents and interviews with newsmakers from across the world.

Spread the news
Categories
Newscasts

De La Cruz’s first big league grand slam keys Reds to 8-4 win over Twins

Spread the news

The Reds new star checks another first off his list. Correspondent Mark Meyers reports.

Spread the news
Categories
Newscasts

12AM ET 09/14/2024 Newscast

Spread the news

12AM ET 09/14/2024 Newscast
Learn more about your ad choices. Visit megaphone.fm/adchoices

Spread the news