
GitLab patches critical RCE bug in latest security release

GitLab has patched a critical vulnerability that could allow an attacker to execute code remotely.

The security issue, which has been rated as critical, affects all versions of GitLab from 14.0 prior to 14.10.5, from 15.0 prior to 15.0.4, and from 15.1 prior to 15.1.1.

An authenticated user could import a maliciously crafted project leading to remote code execution, an advisory from GitLab reads.

The bug (CVE-2022-2185) has been patched in the latest version.

Multiple vulnerabilities

Fixes for a number of other vulnerabilities were also released in the latest version, including two separate cross-site scripting (XSS) bugs.

More details about the patched vulnerabilities can be found in the GitLab security advisory.

The security bugs affect both GitLab Community Edition and Enterprise Edition. GitLab has recommended users upgrade to the latest version.

The advisory reads: “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.

“When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.”
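To act on the version ranges above, the following added example (not taken from the article or from GitLab) checks an inventory of GitLab version strings against the affected ranges for CVE-2022-2185. The hostnames and the inventory are constructed, and the function names are this example's own.

```python
import re

# Affected ranges from the article: (first affected, first fixed) per release line.
AFFECTED_RANGES = [
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) as integers, ignoring suffixes such as '-ee'."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version_text):
    """True if the version falls inside one of the affected ranges."""
    version = parse_version(version_text)
    # Integer tuples compare numerically: 14.9.5 < 14.10.5 (string order gets this wrong).
    return any(first <= version < fixed for first, fixed in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to UPGRADE, NOT_LISTED, or UNKNOWN (unreadable version, review by hand)."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "UPGRADE" if is_affected(version_text) else "NOT_LISTED"
        except ValueError:
            result[host] = "UNKNOWN"
    return result


# Constructed inventory: hostnames and version strings are made up for the example.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "14.9.5-ee",
    "gitlab-b.example.internal": "14.10.5",
    "gitlab-c.example.internal": "15.0.3",
    "gitlab-e.example.internal": "",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

NOT_LISTED only means the version is outside the ranges quoted in this article; it says nothing about the other vulnerabilities fixed in the same release.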

Source: https://portswigger.net/daily-swig/gitlab-patches-critical-rce-bug-in-latest-security-release
