Skip to content

Newsroom

Latest news

GitLab Fixes Security Flaw That Lets Attackers Run Pipeline Jobs

Contrast Security CISO David Lindner said this vulnerability is something administrators need to take notice of, and heed GitLab’s advice to upgrade immediately.

“This is REALLY bad, as it effectively turns off access controls for running pipelines, which is the lifeblood of moving software from development to production,” Lindner wrote in an email. “This vulnerability could allow unauthorized users to execute pipeline jobs as any other user, which in turn could enable attackers to run malicious code, access sensitive data and compromise software integrity.”

Read more circle-chevron-right-icon

Unauthorized content alteration bug found in NSA platform

The U.S. National Security Agency's open-source SkillTree training platform on GitHub has been impacted by a medium severity cross-site request forgery vulnerability, tracked as CVE-2024-39326, which could be leveraged to facilitate unauthorized modifications of training content, SiliconAngle reports.

Read more circle-chevron-right-icon

GitLab patches 2nd critical pipeline vulnerability in last month

The critical vulnerabilities CVE-2024-6385 and CVE-2024-5655 could put developers’ projects at risk by enabling attackers to “run malicious code, access sensitive data and compromise software integrity,” Contrast Security CISO David Lindner told SC Media.

“This is REALLY bad, as it effectively turns off access controls for running pipelines, which is the lifeblood of moving software from development to production,” Lindner sai

Read more circle-chevron-right-icon

Recent press releases

10/23/2024

Contrast Security Launches Managed Application Security
Read more arrow-right-tertiary

10/09/2024

Contrast Security Appoints Former Splunk VP Faya Peng as General Manager of Application Detection and Response
Read more arrow-right-tertiary

08/13/2024

Contrast Security Application Detection and Response (ADR) Praised by Industry Analysts for Addressing Gap in Cybersecurity Defenses
Read more arrow-right-tertiary

Award and recognition

'Best in Show' in Software Development

Read more arrow-right-tertiary

Contrast Security’s Developer Portal Named a DevPortal Awards 2022 Finalist for Best Onboarding

Read more arrow-right-tertiary

Contrast Security Makes Its Debut on the Inc. 5000 List of America’s Fastest Growing Companies

Read more arrow-right-tertiary

Secure your apps and APIs from within

Schedule a one-to-one demo to see what Contrast Runtime Security can do for you.