Alert GCSA-22052 - Security update for GitLab

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

******************************************************************

Alert ID: GCSA-22052
Date: 04 May 2022
Title: Security update for GitLab

******************************************************************


:: Problem description

GitLab has released new versions of its platform
that fix several vulnerabilities.

The vendor recommends updating all installations
immediately.

More information is available in the "References" section.


:: Affected software

versions earlier than 14.10.1, 14.9.4 and 14.8.6 of:

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)


:: Impact

Cross-Site Scripting (XSS)
Denial of Service (DoS)
Data Manipulation (DM)
Security Restriction Bypass (SRB)
Sensitive Information Disclosure (ID)


:: Solutions

Update the software to the latest versions

GitLab CE and EE 14.10.1, 14.9.4 and 14.8.6

https://about.gitlab.com/update
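
A check of installed versions against the fixed releases listed in this alert, as an added example that is not part of the original alert or of GitLab's tooling. The function names and the sample inventory are hypothetical; it assumes branches older than 14.8 are affected and branches newer than 14.10 already include the fixes.

```python
import re

# Fixed releases named in this alert, keyed by (major, minor) branch.
FIXED_PATCH = {(14, 8): 6, (14, 9): 4, (14, 10): 1}


def parse_version(text):
    """Return (major, minor, patch) as integers from e.g. '14.9.3-ee'."""
    match = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # Integers matter: compared as strings, '14.10.1' sorts before '14.9.4'.
    return tuple(int(part) for part in match.groups())


def needs_update(text):
    """True if this version predates the fixed release for its branch."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    # Assumption (not stated per branch in the alert): anything older than
    # the oldest fixed branch is affected, anything newer than 14.10 is not.
    return branch < min(FIXED_PATCH)


def hosts_to_update(inventory):
    """Return the sorted host names whose version still needs the update."""
    return sorted(host for host, ver in inventory.items() if needs_update(ver))


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "gitlab-a.example": "14.10.0-ee",
    "gitlab-b.example": "14.10.1-ee",
    "gitlab-c.example": "14.9.4",
    "gitlab-d.example": "14.8.5",
    "gitlab-e.example": "13.12.15-ce",
}

if __name__ == "__main__":
    for host in hosts_to_update(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs the security update")
```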


:: References

GitLab Critical Security Release
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/

GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/

Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1510


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iD8DBQFicmbbwZxMk2USYEIRAssUAJ9RIX8UVPWNKUQr/ZpSbK9eGYqpLQCgu+Bm
boY6SLDvhou0tWo81rMyPiM=
=IMn/
-----END PGP SIGNATURE-----