Critical Remote Code Execution Vulnerability Fixed by GitLab


A critical remote code execution vulnerability affecting the GitLab Community Edition (CE) and Enterprise Edition (EE) releases of the DevOps platform has been patched.

The security hole, tracked as CVE-2022-2884 (CVSS score 9.9/10), lies in the feature that imports data from GitHub, and exploiting it requires authentication. According to GitLab's advisory, an authenticated user could obtain remote code execution via the Import from GitHub API endpoint, due to a vulnerability in GitLab CE/EE that affects all versions starting from 11.3.4 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1.

For those who are unable to update their GitLab installations right away, the company advises disabling the GitHub import feature from the ‘Visibility and access controls’ tab in the Settings menu (using an administrator account).
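As an added defender's check (not code from the article or from GitLab), the following Python turns the three affected ranges from the advisory into a version test and reads the `import_sources` list from a GitLab `GET /api/v4/application_settings` response to tell whether the GitHub import source is still enabled on an instance. The sample API responses are constructed; the version string shape follows GitLab's `GET /api/v4/version` endpoint.

```python
"""Added example: is a GitLab instance in an affected range for CVE-2022-2884,
and is the GitHub import source (the mitigation target) still enabled?"""
import json
from typing import Tuple

# Affected ranges as stated in the advisory, per release branch:
# lower bound inclusive, upper bound exclusive (the upper bound is the fixed release).
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),   # 11.3.4 <= v < 15.1.5
    ((15, 2, 0), (15, 2, 3)),   # 15.2   <= v < 15.2.3
    ((15, 3, 0), (15, 3, 1)),   # 15.3   <= v < 15.3.1
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '15.2.1-ee' or '15.3' into a comparable (major, minor, patch) tuple."""
    core = version.split("-")[0]              # drop '-ee' / '-ce' / '-pre' suffixes
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:                     # '15.3' means 15.3.0
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True if the version falls inside any advisory range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def github_import_enabled(settings_json: str) -> bool:
    """Read 'import_sources' from an application_settings response body."""
    settings = json.loads(settings_json)
    return "github" in settings.get("import_sources", [])


def assess(version_json: str, settings_json: str) -> str:
    """Combine both checks into a one-line verdict for the instance."""
    version = json.loads(version_json)["version"]
    if not is_affected(version):
        return "patched"
    if github_import_enabled(settings_json):
        return "vulnerable: update, or disable the GitHub import source"
    return "affected version, GitHub import disabled (mitigated; still update)"


if __name__ == "__main__":
    # Constructed sample responses for a hypothetical instance (not real data).
    sample_version = '{"version": "15.2.1-ee", "revision": "abc123"}'
    sample_settings = '{"import_sources": ["github", "gitlab_project"]}'
    print(assess(sample_version, sample_settings))
```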
