Alert GCSA-23125 - Aggiornamento di sicurezza per GitLab
******************************************************************
Alert ID: GCSA-23125
Data: 29 Settembre 2023
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciamo nuove versioni della propria piattaforma
con le quali risolve varie vulnerabilita'.
Il produttore consiglia di aggiornare immediatamente
tutte le installazioni.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
versioni precedenti alla 16.4.1, 16.3.5 e 16.2.8
:: Impatto
Information Disclosure
Security Restriction Bypass
Data Manipulation
Elevation of Privilege
:: Soluzioni
Aggiornare alle ultime versioni
https://about.gitlab.com/update
https://docs.gitlab.com/ee/update/
:: Riferimenti
GitLab Security Release
https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/
GitLab - security best practices
https://about.gitlab.com/blog/2022/03/21/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5207
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFlFoHfwZxMk2USYEIRCLKLAJ98zt+ShSdaopO7jJIEmrCgcfRAKACgsNjz
QzKZr8tHBXDOv1h3ar88KH0=
=YZNZ
-----END PGP SIGNATURE-----