Security News > 2022 > August > GitLab ‘strongly recommends’ patching critical RCE vulnerability
GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import.
The latest GitLab versions that address the problem are 15.3.1, 15.2.3, and 15.1.5, which users are advised to upgrade to immediately.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," mentions GitLab's release announcement.
If it's not possible to install the security updates for whatever reason, GitLab recommends applying a workaround consisting of disabling GitHub import, a tool used for importing entire software projects from GitHub to GitLab.
Log in using an administrator account to your GitLab installation.
For instructions on how to update your GitLab installation, check out the project's official updating portal.
News URL
Related news
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Critical ServiceNow RCE flaws actively exploited to steal credentials (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical Progress WhatsUp RCE flaw now under active exploitation (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)