Alert GCSA-22084 - Aggiornamento di sicurezza per GitLab
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22084
Data: 29 Luglio 2022
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciato nuove versioni della propria piattaforma
con le quali risolve alcune vulnerabilita'.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
versioni precedenti alle 15.2.1, 15.1.4, 15.0.5 di:
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
:: Impatto
Cross-Site Scripting (XSS)
Bypass delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni sensibili (ID)
:: Soluzioni
Aggiornare il software alle ultime versioni
GitLab CE e EE 115.2.1, 15.1.4, 15.0.5
https://about.gitlab.com/update
:: Riferimenti
GitLab Security Release
https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2539
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFi45R6wZxMk2USYEIRCFZpAJ9YOzedkoofvewVsgERvsubTKtdYQCeMbCc
+9GVnlW5s0WQfLMQgCYzxbI=
=JcAA
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-22084
Data: 29 Luglio 2022
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciato nuove versioni della propria piattaforma
con le quali risolve alcune vulnerabilita'.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
versioni precedenti alle 15.2.1, 15.1.4, 15.0.5 di:
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
:: Impatto
Cross-Site Scripting (XSS)
Bypass delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni sensibili (ID)
:: Soluzioni
Aggiornare il software alle ultime versioni
GitLab CE e EE 115.2.1, 15.1.4, 15.0.5
https://about.gitlab.com/update
:: Riferimenti
GitLab Security Release
https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre's CVE ID
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2539
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFi45R6wZxMk2USYEIRCFZpAJ9YOzedkoofvewVsgERvsubTKtdYQCeMbCc
+9GVnlW5s0WQfLMQgCYzxbI=
=JcAA
-----END PGP SIGNATURE-----