Security News > 2022 > August > GitLab ‘strongly recommends’ patching critical RCE vulnerability
GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import.
The latest GitLab versions that address the problem are 15.3.1, 15.2.3, and 15.1.5, which users are advised to upgrade to immediately.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," mentions GitLab's release announcement.
If it's not possible to install the security updates for whatever reason, GitLab recommends applying a workaround consisting of disabling GitHub import, a tool used for importing entire software projects from GitHub to GitLab.
Log in using an administrator account to your GitLab installation.
For instructions on how to update your GitLab installation, check out the project's official updating portal.
News URL
Related news
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)