Numerous severe security issues have been remediated by GitLab, Citrix, and VMware in updates to several of their products, reports The Hacker News.
Aside from addressing a medium severity vulnerability enabling URL alterations for a group namespace, tracked as CVE-2024-5257, GitLab has also issued a fix for a critical flaw in GitLab Community Edition and Enterprise Edition software, tracked as CVE-2024-6385, which could be leveraged for arbitrary pipeline job execution. Patches have also been provided by Citrix to address a critical improper authentication bug in NetScaler Agent, NetScaler Console, and NetScaler SDX, tracked as CVE-2024-6235. Meanwhile, VMware has released updates to fix a critical bug in Aria Automation, tracked as CVE-2024-22280, and a medium severity injection flaw in Cloud Director, tracked as CVE-2024-22277. Such developments come amid a new joint FBI and Cybersecurity and Infrastructure Security Agency bulletin calling for immediate vendor action against operating system command injection vulnerabilities.