Alert GCSA-22052 - Aggiornamento di sicurezza per GitLab
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22052
Data: 04 Maggio 2022
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciato nuove versioni della propria piattaforma
con le quali risolve alcune vulnerabilita'.
Il produttore consiglia di aggiornare immediatamente
tutte le installazioni.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
versioni precedenti alle 14.10.1, 14.9.4, e 14.8.6 di:
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
:: Impatto
Cross-Site Scripting (XSS)
Denial of Service (DoS)
Manipolazione di Dati (DM)
Bypass delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni sensibili (ID)
:: Soluzioni
Aggiornare il software alle ultime versioni
GitLab CE e EE 14.10.1, 14.9.4, e 14.8.6
https://about.gitlab.com/update
:: Riferimenti
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1510
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFicmbbwZxMk2USYEIRAssUAJ9RIX8UVPWNKUQr/ZpSbK9eGYqpLQCgu+Bm
boY6SLDvhou0tWo81rMyPiM=
=IMn/
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22052
Data: 04 Maggio 2022
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciato nuove versioni della propria piattaforma
con le quali risolve alcune vulnerabilita'.
Il produttore consiglia di aggiornare immediatamente
tutte le installazioni.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
versioni precedenti alle 14.10.1, 14.9.4, e 14.8.6 di:
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
:: Impatto
Cross-Site Scripting (XSS)
Denial of Service (DoS)
Manipolazione di Dati (DM)
Bypass delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni sensibili (ID)
:: Soluzioni
Aggiornare il software alle ultime versioni
GitLab CE e EE 14.10.1, 14.9.4, e 14.8.6
https://about.gitlab.com/update
:: Riferimenti
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1510
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFicmbbwZxMk2USYEIRAssUAJ9RIX8UVPWNKUQr/ZpSbK9eGYqpLQCgu+Bm
boY6SLDvhou0tWo81rMyPiM=
=IMn/
-----END PGP SIGNATURE-----