TRIAGE Critical Alert - GitLab Critical Flaw in Community and Enterprise Editions


A few weeks after the last critical vulnerabilities were disclosed, GitLab has released fixes for another critical security flaw (CVSS 9.9) in both the Community Edition and the Enterprise Edition. If you run either edition on your own infrastructure, patch immediately to the latest release. GitLab.com and GitLab Dedicated have already been updated to the patched versions.

Area of Impact

Per GitLab's latest Security release page:

Today we are releasing versions 16.8.1, 16.7.4, 16.6.6, 16.5.8 for GitLab Community Edition (CE) and Enterprise Edition (EE). We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.

Overview

From the NVD:

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

Recommendation

Upgrade to one of the patched versions listed above (16.8.1, 16.7.4, 16.6.6 or 16.5.8) if you are running an older version of either Community Edition or Enterprise Edition.
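The first thing an operator needs from the NVD range text above and the patched-version list in the "Area of Impact" section is a yes/no answer for each GitLab instance they run. The following is an added example, not code from the original article or from GitLab: it encodes those ranges and returns whether a given version string still needs the upgrade. It assumes the four versions in the release note (16.8.1, 16.7.4, 16.6.6, 16.5.8) are the patched floor of their respective branches, that 16.0 through 16.4 have no patched release and must move to a newer branch, and that 16.8.1 and everything newer carry the fix. Version strings such as "16.7.3-ee" or the first line of Omnibus' version manifest ("gitlab-ee 16.7.3", a constructed sample here) are accepted because the parser simply extracts the first x.y.z triple.

```python
import re
from typing import Dict, Iterable, Tuple

Version = Tuple[int, int, int]

# Patched versions as listed in the GitLab security release quoted above.
# Assumption for this check: each one is the patched floor of its minor branch.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (16, 5): (16, 5, 8),
    (16, 6): (16, 6, 6),
    (16, 7): (16, 7, 4),
    (16, 8): (16, 8, 1),
}
FIRST_AFFECTED: Version = (16, 0, 0)   # NVD: "all versions from 16.0 ..."
NEWEST_FIX: Version = FIXED_BY_BRANCH[(16, 8)]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract the first major.minor.patch triple from a GitLab version string.

    Accepts plain '16.7.3', edition-suffixed '16.7.3-ee', or a manifest line
    such as 'gitlab-ee 16.7.3' (constructed sample format for this example).
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return (int(match.group(1)), int(match.group(2)), int(match.group(3)))


def is_affected(version: str) -> bool:
    """Return True if this GitLab version is inside the CVE-2024-0402 range."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False            # 15.x and earlier are outside the stated range
    if v >= NEWEST_FIX:
        return False            # 16.8.1 and later (16.9+, 17.x) carry the fix
    fixed = FIXED_BY_BRANCH.get((v[0], v[1]))
    if fixed is None:
        return True             # 16.0 - 16.4: no patched release on that branch
    return v < fixed            # on a patched branch: below the floor = affected


def triage(versions: Iterable[str]) -> Dict[str, bool]:
    """Map each version string to its affected status for fleet-wide review."""
    return {ver: is_affected(ver) for ver in versions}


if __name__ == "__main__":
    # Constructed sample inventory; replace with the output of your own
    # version query on each instance.
    inventory = ["gitlab-ee 16.7.3", "16.8.1", "16.5.7", "16.4.2-ce", "16.9.0"]
    for ver, affected in triage(inventory).items():
        print(f"{ver:>16}: {'UPGRADE REQUIRED' if affected else 'patched'}")
```

A result of True means the instance is still in the vulnerable range and should be moved to the patched version of its branch (or to a newer branch for 16.0 through 16.4); when the NVD text and GitLab's own release list disagree on a branch, treat GitLab's release page as authoritative.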

Sources:

Hacker News

GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8

CVE Database

CVE-2024-0402 Detail


More articles by James Beal
