Alert GCSA-23125 - Security update for GitLab

******************************************************************

Alert ID: GCSA-23125
Date: 29 September 2023
Title: Security update for GitLab

******************************************************************

:: Problem description

GitLab has released new versions of its platform
that fix several vulnerabilities.

The vendor recommends updating all installations
immediately.

More information is available in the "References" section.


:: Affected software

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)

versions prior to 16.4.1, 16.3.5 and 16.2.8
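
A version check against the fixed releases listed above, as an added example that is not part of the original alert. It assumes that branches newer than 16.4 already contain the fixes and that branches older than 16.2 count as affected; the function names and the sample inventory are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the alert): check GitLab CE/EE versions against the
# fixed releases named in GCSA-23125: 16.4.1, 16.3.5 and 16.2.8.

# Prints "patched", "affected" or "unknown" for a version string such as
# "16.3.4", "16.3.4-ee" or "16.2.8-ce.0".
gitlab_gcsa23125_status() {
    ver=${1%%[-+]*}                     # drop "-ee", "-ce.0", "+build" suffixes
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    if [ "$#" -ne 3 ]; then echo unknown; return 0; fi
    major=$1; minor=$2; patch=$3

    if [ "$major" -gt 16 ] || { [ "$major" -eq 16 ] && [ "$minor" -gt 4 ]; }; then
        echo patched                    # assumption: later branches include the fixes
    elif [ "$major" -lt 16 ] || [ "$minor" -lt 2 ]; then
        echo affected                   # assumption: older branches count as "prior"
    else
        if   [ "$minor" -eq 4 ]; then fixed=1
        elif [ "$minor" -eq 3 ]; then fixed=5
        else                          fixed=8
        fi
        if [ "$patch" -ge "$fixed" ]; then echo patched; else echo affected; fi
    fi
}

# Reads "host version" lines on stdin and prints every host that is not
# confirmed patched, so unparseable versions are surfaced rather than skipped.
gcsa23125_triage() {
    while read -r host version; do
        [ -n "$host" ] || continue
        status=$(gitlab_gcsa23125_status "$version")
        [ "$status" = patched ] || echo "$host $version $status"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
gcsa23125_triage <<'EOF'
git-a.example.org 16.4.1-ee
git-b.example.org 16.3.4
git-c.example.org 15.11.13-ce.0
git-d.example.org nightly
EOF
```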


:: Impact

Information Disclosure
Security Restriction Bypass
Data Manipulation
Elevation of Privilege


:: Solutions

Update to the latest versions

https://about.gitlab.com/update
https://docs.gitlab.com/ee/update/


:: References

GitLab Security Release
https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/

GitLab - security best practices
https://about.gitlab.com/blog/2022/03/21/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5207


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert