Alert GCSA-22015 - Aggiornamento di sicurezza per GitLab
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22015
Data: 07 Febbraio 2022
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciamo nuove versioni della propria piattaforma
con le quali risolve alcune vulnerabilita'.
Il produttore consiglia di aggiornare immediatamente
tutte le installazioni.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
versioni precedenti alle 14.7.1, 14.6.4, e 14.5.4 di:
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
GitLab Omnibus versioni precedenti alla 14.7
:: Impatto
Cross-Site Scripting (XSS)
Denial of Service (DoS)
Provide Misleading Information (Spoofing)
Bypass delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni sensibili (ID)
:: Soluzioni
Aggiornare il software alle ultime versioni
GitLab CE e EE 14.7.1, 14.6.4, e 14.5.4
GitLab Omnibus 14.7
https://about.gitlab.com/update
:: Riferimenti
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/
GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0488
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFiAN+WwZxMk2USYEIRAiFYAKC8r5e2uhH9sQAKysRVWnXXiGnaHwCg3Cx1
ekNVismEcZOkZWHoOw0M20A=
=3/Ge
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22015
Data: 07 Febbraio 2022
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciamo nuove versioni della propria piattaforma
con le quali risolve alcune vulnerabilita'.
Il produttore consiglia di aggiornare immediatamente
tutte le installazioni.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
versioni precedenti alle 14.7.1, 14.6.4, e 14.5.4 di:
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
GitLab Omnibus versioni precedenti alla 14.7
:: Impatto
Cross-Site Scripting (XSS)
Denial of Service (DoS)
Provide Misleading Information (Spoofing)
Bypass delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni sensibili (ID)
:: Soluzioni
Aggiornare il software alle ultime versioni
GitLab CE e EE 14.7.1, 14.6.4, e 14.5.4
GitLab Omnibus 14.7
https://about.gitlab.com/update
:: Riferimenti
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/
GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0488
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFiAN+WwZxMk2USYEIRAiFYAKC8r5e2uhH9sQAKysRVWnXXiGnaHwCg3Cx1
ekNVismEcZOkZWHoOw0M20A=
=3/Ge
-----END PGP SIGNATURE-----