GitLab patches critical remote code execution bug
Update now to protect against security vulnerability
GitLab has issued a security update to address a critical vulnerability that could lead to remote code execution (RCE).
The vulnerability could allow an authenticated user to achieve remote code execution via the ‘Import from GitHub API’ endpoint, an advisory from GitLab reads.
Tracked as CVE-2022-2884, the security issue is present in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions starting from 11.3.4 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1.
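As an added example (not from the article or from GitLab), the following Python check tests a GitLab version string against the three affected ranges listed above, with the lower bound inclusive and the fixed release exclusive; the version strings it is fed are constructed samples, and the `is_affected` and `recommended_fix` helper names are my own.

```python
"""Check a GitLab version string against the ranges affected by CVE-2022-2884.

Affected ranges, taken from the advisory quoted in the article:
  11.3.4 <= v < 15.1.5,  15.2.0 <= v < 15.2.3,  15.3.0 <= v < 15.3.1
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) for each release branch named in the advisory
AFFECTED_RANGES = (
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
)


def parse_version(text: str) -> Version:
    """Parse '15.2.2', '15.2.2-ee' or 'v15.2' into a (major, minor, patch) tuple.
    Edition and pre-release suffixes are ignored; a missing patch number counts as 0."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(text: str) -> bool:
    """True if the version falls inside any affected range."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(text: str) -> Optional[str]:
    """Return the first fixed release on the same branch, or None if the version is not affected."""
    v = parse_version(text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(map(str, hi))
    return None


if __name__ == "__main__":
    # Constructed sample inputs (hypothetical instances, not real deployments)
    for sample in ("15.2.2-ee", "15.1.5", "14.10.0", "15.3.1", "11.3.3"):
        print(f"{sample:12} affected={is_affected(sample)} fix={recommended_fix(sample)}")
```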
It has since been patched, and GitLab urges all users to update to the latest version.
“These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version,” the blog post reads.
It was reported to GitLab by ‘yvvdwf’ through HackerOne’s bug bounty program.
Other updates
In addition to the critical security patches, version 15.3, released yesterday (August 22), also contains a number of usability and UI improvements as well as more complex password requirements for GitLab accounts.