Security News > 2022 > August > GitLab ‘strongly recommends’ patching critical RCE vulnerability
![GitLab ‘strongly recommends’ patching critical RCE vulnerability](/static/build/img/news/gitlab-strongly-recommends-patching-critical-rce-vulnerability-medium.jpg)
GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import.
The latest GitLab versions that address the problem are 15.3.1, 15.2.3, and 15.1.5, which users are advised to upgrade to immediately.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," mentions GitLab's release announcement.
If it's not possible to install the security updates for whatever reason, GitLab recommends applying a workaround consisting of disabling GitHub import, a tool used for importing entire software projects from GitHub to GitLab.
Log in using an administrator account to your GitLab installation.
For instructions on how to update your GitLab installation, check out the project's official updating portal.
News URL
Related news
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others (source)
- PHP fixes critical RCE flaw impacting all versions for Windows (source)
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
- Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application (source)
- Critical GitLab bug lets attackers run pipelines as any user (source)
- New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems (source)