GitLab patches critical RCE bug in latest security release
Users are urged to update to the latest version
GitLab has patched a critical vulnerability that could allow an attacker to execute code remotely on a GitLab server.
The issue, rated critical by GitLab, affects all versions of GitLab from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1.
“An authenticated user could import a maliciously crafted project leading to remote code execution,” an advisory from GitLab reads.
The bug, tracked as CVE-2022-2185, is fixed in 14.10.5, 15.0.4, and 15.1.1.
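Because the affected ranges are bounded on both sides, a deployment is not safe simply for being “recent”: 14.10.4 is affected while 14.10.5 is not, and the same holds for each of the three branches. The following checker, an added example that is not GitLab’s code, encodes exactly the ranges quoted in the advisory and reports the first fixed release for an affected version. It assumes versions are reported as dotted numbers with an optional leading “v” or trailing edition suffix such as “-ee”/“-ce”; the sample version strings are constructed inputs.

```python
"""Check a GitLab version string against the ranges the CVE-2022-2185 advisory
lists as affected. Added example for the article, not GitLab's own code."""

import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per branch, taken from the advisory wording:
# "starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1".
AFFECTED_RANGES = (
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
)


def parse_version(text: str) -> Version:
    """Turn '15.0.3-ee' or 'v14.10.4' into a (major, minor, patch) tuple.

    Assumption: a leading 'v' and any suffix after the numeric part
    (e.g. '-ee', '-ce') carry no version information and are ignored.
    A missing patch component is treated as .0 ("14.0" -> 14.0.0).
    """
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(text: str) -> bool:
    """True if the version lies in any [first_affected, first_fixed) range.

    Tuple comparison is lexicographic per component, so 14.9.9 < 14.10.5 and
    14.10.4 < 14.10.5, which plain string comparison would get wrong.
    """
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def minimum_fixed_version(text: str) -> Optional[str]:
    """Return the first fixed release in the version's own branch, or None if
    the version is not inside one of the listed affected ranges."""
    v = parse_version(text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(part) for part in hi)
    return None


if __name__ == "__main__":
    # Constructed sample inputs in the shape a deployment might report.
    samples = ["14.10.4-ee", "14.10.5", "15.0.3", "15.0.4-ce",
               "15.1.0", "15.1.1", "13.12.15"]
    for sample in samples:
        fixed = minimum_fixed_version(sample)
        status = f"AFFECTED, upgrade to {fixed}" if fixed else "not in a listed affected range"
        print(f"{sample:12} {status}")
```

The checker only encodes what the advisory states: a version outside all three ranges (for example a 13.x release) is reported as “not in a listed affected range”, which is not the same as the advisory declaring it safe.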
Multiple vulnerabilities
Fixes for a number of other vulnerabilities were also shipped in the same release, including two separate cross-site scripting (XSS) bugs.
More details about the patched vulnerabilities can be found in the GitLab security advisory.
The security bugs affect both GitLab Community Edition and Enterprise Edition, and GitLab recommends that users upgrade to the latest version.
The advisory reads: “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
“When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.”
The advisory summarises the flaw as a critical issue affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, in which an authenticated user could execute arbitrary code on the server using the project import feature.