GitLab patches critical RCE bug in latest security release

Users are urged to update to the latest version

PortSwigger

GitLab has patched a critical vulnerability that could allow an authenticated attacker to execute arbitrary code on the server.

The security issue, which has been rated as critical, affects all versions of GitLab from 14.0 up to but not including 14.10.5, from 15.0 up to but not including 15.0.4, and from 15.1 up to but not including 15.1.1.

“An authenticated user could import a maliciously crafted project leading to remote code execution,” an advisory from GitLab reads.

The bug (CVE-2022-2185) is fixed in versions 14.10.5, 15.0.4, and 15.1.1.
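The affected ranges above are easy to misread (each branch has its own fix release, and a 14.x install is not made safe by the 15.x fixes), so the following is an added example of a version check against those ranges. It is not GitLab's code or PortSwigger's; the ranges are transcribed from the advisory text quoted on this page, the `-ee`/`-ce` suffix handling and the sample `/api/v4/version` response are assumptions for illustration, and the response shown is constructed, not captured from a live instance.

```python
"""Added example: classify a GitLab version string against the affected
ranges published for CVE-2022-2185. Not GitLab's own code."""
import json
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch, from the advisory text:
# "14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1".
# Kept in ascending order; classify() relies on the ranges being contiguous
# (each fix release is <= the start of the next branch), which holds here.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' with an optional 'v' prefix and any
    trailing edition/pre-release suffix (e.g. '15.0.3-ee'), which is ignored.
    A missing PATCH is treated as .0 (assumption)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(text: str) -> bool:
    """True if the version lies inside any published affected range."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(text: str) -> Optional[str]:
    """First patched release on the same branch as an affected version,
    or None when the version is not inside an affected range."""
    v = parse_version(text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def classify(text: str) -> str:
    """'affected', 'fixed', or 'not covered' (older than anything the
    advisory lists; the advisory is silent on such versions, so do not
    read 'not covered' as safe)."""
    v = parse_version(text)
    if v < AFFECTED_RANGES[0][0]:
        return "not covered"
    if any(lo <= v < hi for lo, hi in AFFECTED_RANGES):
        return "affected"
    # Every version >= 14.0.0 outside an affected range is at or above a
    # fix release because the ranges are contiguous.
    return "fixed"


def version_from_api_response(body: str) -> str:
    """Pull the version string out of a GET /api/v4/version JSON body
    (that endpoint returns {"version": ..., "revision": ...})."""
    return json.loads(body)["version"]


# Constructed sample response, as a real instance would return it for an
# authenticated GET /api/v4/version call; not captured from any server.
SAMPLE_API_RESPONSE = '{"version":"15.0.2-ee","revision":"0123abcd"}'

if __name__ == "__main__":
    ver = version_from_api_response(SAMPLE_API_RESPONSE)
    print(ver, classify(ver), "upgrade to", fixed_version_for(ver))
    for sample in ("14.10.4", "14.10.5", "15.1.0", "15.1.1", "15.2.0", "13.12.0"):
        print(sample, classify(sample))
```

Two caveats when using this. Versions before 14.0 are reported as "not covered" rather than "fixed" because the advisory only lists the three branches above and says nothing about older releases. And, as the advisory itself notes further down, a version match is what matters, not the deployment type: an Omnibus, source, or Helm install at 15.0.3 is affected alike.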

Multiple vulnerabilities

Fixes for a number of other vulnerabilities were also released in the latest version, including two separate cross-site scripting (XSS) bugs.

More details about the patched vulnerabilities can be found in the GitLab security advisory.

The security bugs affect both GitLab Community Edition and Enterprise Edition. GitLab has recommended users upgrade to the latest version.

The advisory reads: “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.

“When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.”

Related news

CVE-2022-2185: 2022/CVE-2022-2185.json · master · GitLab.org / cves · GitLab

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature.
