GitLab Patched Multiple Security Bugs, Including A Critical RCE, With Latest Releases

Heads up, GitLab users! GitLab has recently addressed multiple security bugs with the latest releases. This patch holds importance because it addresses numerous bugs, including a critical severity remote code flaw.

GitLab Patched Security Bugs

According to a recent advisory, GitLab has addressed 16 security bugs with the latest releases 15.1.1, 15.0.4, and 14.10.5.

The most important of these patches addressed a critical remote execution vulnerability affecting the Project Import feature. An adversary could exploit the bug via a maliciously crafted project to execute arbitrary codes. This vulnerability first caught the attention of the security researcher William Bowling, who then reported it to GitLab via their bug bounty program. GitLab assigned this bug, CVE-2022-2185, a severity score of 9.9.

Besides, the service also patched three high-severity flaws, which include,

  • CVE-2022-2235 (CVSS 8.7): A cross-site scripting vulnerability that an adversary could trigger by a maliciously crafted ZenTao link.
  • CVE-2022-2230 (CVSS 8.1): Another cross-site scripting vulnerability in the project settings page in GitLab CE/EE allowed executing arbitrary JavaScript codes on the target user’s behalf.
  • CVE-2022-2229 (CVSS 7.5): Due to improper authorization in GitLab CE/EE, an attacker could extract the value of an unprotected variable via names in private or public projects.

Alongside these bugs, GitLab patched 8 medium-severity flaws and 4 low-severity bugs affecting the previous releases. Different researchers found these bugs separately and reported them to GitLab via HackerOne. Whereas some of these vulnerabilities caught the attention of GitLab officials as well.

GitLab recommends users upgrade to the latest GitLab Community Edition (CE) and Enterprise Edition (EE) versions to receive the fixes.

We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
When no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients