Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

GitLab patches critical remote code execution bug

GitLab has issued a security update to address a critical vulnerability that could lead to remote code execution (RCE).

The vulnerability could allow an authenticated user to achieve remote code execution via the ‘Import from GitHub API’ endpoint, an advisory from GitLab reads.

Tracked as CVE-2022-2884, the security issue is present in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 11.3.4 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1.

It has since been patched, as GitLab urges all users to update to the latest version.

“These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version,” the blog post reads.

It was reported to GitLab by ‘yvvdwf’ through HackerOne’s bug bounty program.

Other updates

In addition to the critical security patches, version 15.3, released yesterday (August 22), also contains a number of usability and UI improvements as well as more complex password requirements for GitLab accounts.

Source: https://portswigger.net/daily-swig/gitlab-patches-critical-remote-code-execution-bug

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO