GitLab Multiple Vulnerabilities
Release Date: 4 May 2022
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure, data manipulation, security restriction bypass and cross-site scripting on the targeted system.
Impact
- Denial of Service
- Information Disclosure
- Security Restriction Bypass
- Cross-Site Scripting
- Data Manipulation
System / Technologies affected
- GitLab Community Edition (CE) versions prior to 14.10.1, 14.9.4 and 14.8.6
GitLab Enterprise Edition (EE) versions prior to 14.10.1, 14.9.4 and 14.8.6
Solutions
Before installation of the software, please visit the software vendor web-site for more details.
- The vendor has issued a fix
https://about.gitlab.com/releases/2022/05/02/security-release-gitlab-14-10-1-released/
Vulnerability Identifier
- CVE-2022-1124
- CVE-2022-1352
- CVE-2022-1406
- CVE-2022-1413
- CVE-2022-1416
- CVE-2022-1417
- CVE-2022-1423
- CVE-2022-1426
- CVE-2022-1428
- CVE-2022-1431
- CVE-2022-1433
- CVE-2022-1460
- CVE-2022-1510
沒有留言:
發佈留言