Vulnerability Alert - GitLab

TYPE: Vulnerabilities
SYSTEMS AFFECTED: GitLab CE/EE versions prior to 15.3.1, 15.2.3 and 15.1.5
ECOSYSTEM: Other
Description

GitLab released new versions of GitLab CE/EE to fix a critical RCE vulnerability (CVE-2022-2884) affecting all versions starting from 11.3.4 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1.

Impact

The vulnerability allows an authenticated user to achieve remote code execution.

Resolution

It is recommended that all installations are upgraded to the latest version.
If an immediate upgrade is not possible, it is recommended to secure the GitLab installation against this vulnerability using the workaround mentioned in [1].
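
To decide which installations need the upgrade first, the affected ranges stated in this alert can be checked against an inventory of version strings. This is an added example, not code from GitLab or from this alert; the function names, host names and sample version strings are constructed for illustration.

```python
import re

# Affected ranges for CVE-2022-2884 as stated in this alert:
# (first affected version, first fixed version); the upper bound is exclusive.
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
]

# Accepts "15.2.1", "v15.2.1-ee" or "15.2"; any suffix after the numbers is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_gitlab_version(raw):
    """Return (major, minor, patch); a missing patch component counts as 0."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(raw):
    """True if the version falls inside any range listed in the alert."""
    v = parse_gitlab_version(raw)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map host -> 'AFFECTED', 'ok', or 'UNKNOWN' (version could not be parsed)."""
    result = {}
    for host, raw in inventory.items():
        try:
            result[host] = "AFFECTED" if is_affected(raw) else "ok"
        except ValueError:
            result[host] = "UNKNOWN"  # needs a manual check, never assume safe
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "gitlab-a.example": "15.3.0-ee",
    "gitlab-b.example": "15.1.5",
    "gitlab-c.example": "14.10.5",
    "gitlab-d.example": "not-reported",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:18} {SAMPLE_INVENTORY[host]:14} {status}")
```
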

References
Last updated on 07-09-2022