GitLab: Critical RCE flaw requires immediate patching
GitLab has called on users of GitLab Community Edition and Enterprise Edition versions 11.3.4 to 15.1.4, 15.2 to 15.2.3, and 15.3 to immediately apply the recently issued software update addressing a critical remote command execution vulnerability, tracked as CVE-2022-2884, according to BleepingComputer.
Threat actors could leverage the flaw to take over servers and then steal or delete source code and push malicious commits. Malware and other backdoors could also be deployed on servers compromised through the security bug.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," said GitLab.
Meanwhile, users without the ability to install the security updates have been advised to disable GitHub import used for software project importing from GitHub to GitLab as a workaround. GitHub has also provided a way to verify the proper implementation of the workaround.
SC Media's daily must-read of the most current and pressing daily news