Alert ID: GCSA-23074 - Security update for GitLab


******************************************************************

Alert ID: GCSA-23074
Date: 7 June 2023
Title: Security update for GitLab

******************************************************************

:: Problem description

GitLab has released new versions of its platform
that fix several vulnerabilities.

The vendor recommends upgrading all installations
immediately.

More information is available in the "References" section.


:: Affected software

versions prior to 16.0.2, 15.11.7 and 15.10.8 of:

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)


:: Impact

Cross-Site Scripting (XSS)
Denial of Service (DoS)
Data Manipulation (DM)
Elevation of Privilege (EoP)
Security Restriction Bypass (SRB)
Information Disclosure (ID)


:: Solutions

Upgrade the software to the latest versions:

GitLab CE and EE 16.0.2, 15.11.7 and 15.10.8

https://about.gitlab.com/update
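To decide quickly whether an instance still needs this upgrade, the installed version can be compared against the three fixed versions above, branch by branch (a 15.11.x instance is fixed from 15.11.7, a 16.0.x instance from 16.0.2, and so on). The script below is an added example written for this alert; it is not GARR CERT or GitLab code. It assumes GitLab's usual backport policy, under which only the branches listed in the release receive the fix, so a branch older than 15.10 is treated as affected and a branch newer than 16.0 is treated as released after the fix. The version string is read from a JSON body in the shape returned by GitLab's authenticated GET /api/v4/version endpoint; the sample body in the script is constructed for the example.

```python
"""Check a GitLab CE/EE version against the fixed versions in GCSA-23074.

Added example for this alert, not GARR CERT or GitLab code.
Assumption: only the branches named in the release (15.10, 15.11, 16.0)
received the fix; older branches are unsupported and therefore affected,
newer branches were cut after the fix and are therefore not affected.
"""
import json
import re
from typing import Dict, Tuple

# Fixed versions taken from the "Solutions" section of the alert.
FIXED_VERSIONS = ("16.0.2", "15.11.7", "15.10.8")

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH', tolerating suffixes such as '-ee' or '-pre'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9.]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str, fixed=FIXED_VERSIONS) -> bool:
    """True if `version` predates the fix for its branch (or has no fixed branch)."""
    installed = parse_version(version)
    # Map each fixed branch (major, minor) to the first patched patch level.
    branch_fix: Dict[Tuple[int, int], int] = {}
    for f in fixed:
        major, minor, patch = parse_version(f)
        branch_fix[(major, minor)] = patch

    branch = installed[:2]
    if branch in branch_fix:
        return installed[2] < branch_fix[branch]

    oldest, newest = min(branch_fix), max(branch_fix)
    if branch < oldest:
        return True   # unsupported branch: never received the backport
    if branch > newest:
        return False  # branch created after the security release
    # A branch between the fixed ones with no fix of its own: assume affected.
    return True


def version_from_api_response(body: str) -> str:
    """Extract the version from a GET /api/v4/version JSON body."""
    return json.loads(body)["version"]


if __name__ == "__main__":
    # Constructed sample response; a real one comes from
    # curl -H "PRIVATE-TOKEN: <token>" https://gitlab.example/api/v4/version
    sample_body = '{"version": "15.11.6-ee", "revision": "0123abc"}'
    v = version_from_api_response(sample_body)
    status = "AFFECTED, upgrade required" if is_affected(v) else "not affected"
    print(f"GitLab {v}: {status}")
```

The /api/v4/version call needs a token with at least read_api scope; on the host itself the same string is available from `gitlab-rake gitlab:env:info` or the /help page. A version such as 15.9.x reports as affected here because that branch is no longer receiving fixes, so the only remediation is to move to one of the three fixed versions.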


:: References

GitLab Critical Security Release
https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/

GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/

MITRE CVE IDs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2589


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iD8DBQFkgFdlwZxMk2USYEIRCGjYAKCXZ9PwMH+gdZz4edCUlPcx81VhBgCgrF+x
B0vhl1SMEyOWEj7PasS7Ocs=
=A3Ps
-----END PGP SIGNATURE-----