GitLab patches critical RCE bug in latest security release

GitLab has patched a critical vulnerability that could allow an attacker to execute code remotely.

The security issue, which has been rated as critical, affects all versions of GitLab from 14.0 prior to 14.10.5, from 15.0 prior to 15.0.4, and from 15.1 prior to 15.1.1.

“An authenticated user could import a maliciously crafted project leading to remote code execution,” an advisory from GitLab reads.

The bug (CVE-2022-2185) has been patched in the latest version.
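
As an added example (not from GitLab or the original article), the affected ranges above can be turned into an inventory check that reports which fixed release each instance needs. The hostnames, sample version strings and function names are assumptions made for illustration.

```python
import re

# Affected ranges for CVE-2022-2185 as stated in the article:
# (first affected version, first fixed version) for each release line.
AFFECTED_RANGES = [
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
]

def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH', tolerating an edition suffix such as '-ee'."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def fixed_version_for(version_text):
    """Return the fixed release to upgrade to, or None if outside the stated ranges."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(map(str, first_fixed))
    return None

def audit(inventory):
    """Map each affected host to the fixed release it needs."""
    findings = {}
    for host, version_text in inventory.items():
        try:
            fixed = fixed_version_for(version_text)
        except ValueError:
            # Unparseable version data needs manual review; never assume it is safe.
            findings[host] = "UNKNOWN"
            continue
        if fixed:
            findings[host] = fixed
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "git-a.example.internal": "14.10.4-ee",
    "git-b.example.internal": "15.0.4",
    "git-c.example.internal": "15.1.0",
    "git-d.example.internal": "13.12.15",
    "git-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, needed in audit(SAMPLE).items():
        print(f"{host}: upgrade to {needed}")
```

The check covers only the ranges quoted in this article for CVE-2022-2185; a `None` result says nothing about other advisories affecting that release.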

Multiple vulnerabilities

Fixes for a number of other vulnerabilities were also released in the latest version, including two separate cross-site scripting (XSS) bugs.

More details about the patched vulnerabilities can be found in the GitLab security advisory.

The security bugs affect both GitLab Community Edition and Enterprise Edition. GitLab has recommended that users upgrade to the latest version.

The advisory reads: “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.

“When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.”

Source: https://portswigger.net/daily-swig/gitlab-patches-critical-rce-bug-in-latest-security-release


Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO