Alert ID: GCSA-23082 - GitLab security update


******************************************************************

Alert ID: GCSA-23082
Date: 3 July 2023
Title: GitLab security update

******************************************************************

:: Problem description

GitLab has released new versions of its platform
that fix several vulnerabilities.

The vendor recommends updating all installations
immediately.

Further information is available in the "References" section.


:: Affected software

versions prior to 16.1.1, 16.0.6 and 15.11.10 of:

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)


:: Impact

Denial of Service (DoS)
Disclosure of sensitive information (ID)
Security restriction bypass (SRB)
HTML Injection


:: Solutions

Update the software to the latest versions:

GitLab CE and EE 16.1.1, 16.0.6, 15.11.10

https://about.gitlab.com/update
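The following check, added here as an example and not part of the GARR CERT advisory or of GitLab's own tooling, classifies installed versions against the fixed releases listed above; the host names and version strings in the sample inventory are constructed.

```python
# Version check for GCSA-23082. Added example, not GARR CERT's or GitLab's
# code; fixed releases come from the advisory, hosts/versions are constructed.
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (16, 1): (16, 1, 1),
    (16, 0): (16, 0, 6),
    (15, 11): (15, 11, 10),
}
OLDEST_FIXED_BRANCH = min(FIXED_RELEASES)  # (15, 11)


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z'; a build suffix such as '-ee' or '-ce' is ignored."""
    core = text.strip().split("-")[0]
    major, minor, patch = (int(part) for part in core.split("."))
    return major, minor, patch


def is_vulnerable(version: str) -> bool:
    """True if the installed version predates its branch's fix; branches older
    than 15.11 got no fix (vulnerable), branches newer than 16.1 include it."""
    parsed = parse_version(version)
    branch = parsed[:2]
    if branch in FIXED_RELEASES:
        return parsed < FIXED_RELEASES[branch]
    return branch < OLDEST_FIXED_BRANCH


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts (sorted) whose GitLab version still needs the update."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed inventory: host -> version string as GET /api/v4/version reports it.
SAMPLE_INVENTORY = {
    "git-prod.example.test": "16.0.5-ee",   # 16.0 branch, below 16.0.6
    "git-dev.example.test": "16.1.1-ce",    # already fixed
    "git-legacy.example.test": "15.10.3",   # branch with no fix at all
    "git-new.example.test": "16.2.0-ce",    # newer than the fixed branches
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> update required")
```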


:: References

GitLab Critical Security Release
https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/

GitLab instance: security best practices
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/

MITRE CVE IDs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1936




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert



