26
Aug 2022
Vulnerability Alert - GitLab
TYPE
Vulnerabilities
SYSTEMS AFFECTED
GitLab CE/EE versions prior to 15.3.1, 15.2.3 and 15.1.5
ECOSYSTEM
Other
Description
GitLab released new versions of GitLab CE/EE to fix a critical RCE vulnerability (CVE-2022-2884). It affects all versions starting from 11.3.4 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1.
Impact
It allows an authenticated user to achieve remote code execution.
Resolution
It is recommended that all installations are upgraded to the latest version.
If upgrading right away is not possible, it is recommended to secure the GitLab installation against this vulnerability using the workaround mentioned in [1].
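To decide which installations need the upgrade, the following added example (not part of the original advisory and not GitLab tooling) checks a version string against the three affected ranges given in the Description. The function names and the sample version strings are assumptions made for illustration.

```python
import re

# Affected ranges from the advisory: (first affected, first fixed release).
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
]


def parse_version(text):
    """Parse 'X.Y[.Z]' with an optional 'v' prefix and '-ee'/'-ce' style suffix."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # Compare as integer tuples so that 14.10 sorts after 14.9.
    return tuple(int(p) if p else 0 for p in m.groups())


def fixed_release_for(version):
    """Return the fixed release for an affected version, or None if unaffected."""
    v = parse_version(version)
    for first, fixed in AFFECTED_RANGES:
        if first <= v < fixed:
            return ".".join(str(n) for n in fixed)
    return None


def is_affected(version):
    return fixed_release_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for ver in ["11.3.3", "14.10.5-ee", "15.1.5", "15.2.2-ce", "15.3.1-ee.0"]:
        fix = fixed_release_for(ver)
        status = f"AFFECTED, upgrade to >= {fix}" if fix else "not affected"
        print(f"{ver:<14} {status}")
```
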
References