Alert GCSA-22084 - Aggiornamento di sicurezza per GitLab

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

******************************************************************

Alert ID: GCSA-22084
Data: 29 Luglio 2022
Titolo: Aggiornamento di sicurezza per GitLab

******************************************************************


:: Descrizione del problema

GitLab ha rilasciato nuove versioni della propria piattaforma
con le quali risolve alcune vulnerabilita'.

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

versioni precedenti alle 15.2.1, 15.1.4, 15.0.5 di:

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)


:: Impatto

Cross-Site Scripting (XSS)
Bypass delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni sensibili (ID)


:: Soluzioni

Aggiornare il software alle ultime versioni

GitLab CE e EE 115.2.1, 15.1.4, 15.0.5

https://about.gitlab.com/update


:: Riferimenti

GitLab Security Release
https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/

GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/

Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2539



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iD8DBQFi45R6wZxMk2USYEIRCFZpAJ9YOzedkoofvewVsgERvsubTKtdYQCeMbCc
+9GVnlW5s0WQfLMQgCYzxbI=
=JcAA
-----END PGP SIGNATURE-----