GitLab has released a security update to address a critical vulnerability that may lead to remote code execution.
The vulnerability is tracked as CVE-2022-2884 and may allow an authenticated user to achieve remote code execution via the “Import from GitHub API” endpoint, as per an advisory from GitLab.
GitLab Urges Users to Update
The vulnerability has since been patched, and GitLab urges all users to update to the latest version.
“These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version,” the blog post reads.
Version 15.3 also contains a number of usability and UI improvements as well as more complex password requirements for GitLab accounts.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is certified in CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide range of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.