GitLab ‘strongly recommends’ patching critical RCE vulnerability
GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via GitHub import.
The latest GitLab versions that address the problem are 15.3.1, 15.2.3, and 15.1.5, which users are advised to upgrade to immediately.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," mentions GitLab's release announcement.
If it's not possible to install the security updates for whatever reason, GitLab recommends applying a workaround consisting of disabling GitHub import, a tool used for importing entire software projects from GitHub to GitLab.
Log in using an administrator account to your GitLab installation.
For instructions on how to update your GitLab installation, check out the project's official updating portal.