GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.

Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.