GitLab Multiple Vulnerabilities

GitLab Multiple Vulnerabilities

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, cross-site scripting, remote code execution, denial of service condition and security restriction bypass on the targeted system.

Impact

Information Disclosure
Cross-Site Scripting
Security Restriction Bypass
Denial of Service
Remote Code Execution

System / Technologies affected

GitLab Community Edition (CE) versions prior to 15.3.2, 15.2.4, and 15.1.6
GitLab Enterprise Edition (EE) versions prior to 15.3.2, 15.2.4, and 15.1.6

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

The vendor has issued a fix
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/

Read More