Alert GCSA-24075 - Security update for GitLab
******************************************************************
Alert ID: GCSA-24075
date: 23 May 2024
title: Security update for GitLab
******************************************************************
:: Problem description
GitLab has released new versions of its platform
that fix seven security vulnerabilities,
four of which are rated high severity.
More information is available in the "References" section.
:: Affected software
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
versions prior to 17.0.1, 16.11.3 and 16.10.6
:: Impact
Information Disclosure
DoS
Cross Site Request Forgery (CSRF)
Cross Site Scripting (XSS)
:: Solutions
Update to the latest versions
https://about.gitlab.com/update
https://docs.gitlab.com/ee/update/
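The alert names three fixed versions, one per supported release branch, so "am I affected?" is a branch-aware comparison rather than a single version check. The following script is an added example, not GARR CERT's or GitLab's own code: it classifies a self-managed instance's version string against the fixed versions listed above (17.0.1, 16.11.3, 16.10.6), treats any older branch such as 16.9.x as affected (the alert covers every version prior to the fixed ones), and assumes that branches newer than 17.0 were released after these fixes. The `assess_api_response` helper reads the JSON body that GitLab's authenticated `GET /api/v4/version` endpoint returns; the sample bodies in the block are constructed, not captured from a real instance.

```python
"""Added example: classify a self-managed GitLab version against the fixed
versions named in alert GCSA-24075 (17.0.1, 16.11.3, 16.10.6)."""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions from the alert, keyed by (major, minor) release branch.
FIXED_VERSIONS = {
    (17, 0): (17, 0, 1),
    (16, 11): (16, 11, 3),
    (16, 10): (16, 10, 6),
}


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH', allowing a leading 'v' and a trailing
    edition suffix such as '-ee' or '-ce' as reported by GitLab."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> Tuple[str, Optional[Version]]:
    """Return (status, reference_fix).

    status:
      'patched'          on a branch named in the alert, at or above its fix
      'vulnerable'       below the fix for its branch, or on an older branch
                         (the alert covers every version prior to the fixed ones)
      'newer-than-alert' on a branch newer than 17.0; assumed to post-date
                         these fixes (assumption made by this example)
    reference_fix: the fixed version the instance was compared against, i.e.
      the smallest upgrade from the alert that resolves the finding, or None.
    """
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[branch]
        return ("patched" if v >= fixed else "vulnerable", fixed)
    oldest_branch = min(FIXED_VERSIONS)
    if branch < oldest_branch:
        # e.g. 16.9.x: no fix exists on that branch, so the minimal remediation
        # is moving to the lowest patched branch named in the alert.
        return ("vulnerable", FIXED_VERSIONS[oldest_branch])
    return ("newer-than-alert", None)


def assess_api_response(body: str) -> Tuple[str, Optional[Version]]:
    """Assess the JSON body returned by GitLab's GET /api/v4/version endpoint,
    which carries the running version in its 'version' field."""
    return assess(json.loads(body)["version"])


if __name__ == "__main__":
    # Constructed sample responses (not captured from a real instance).
    samples = [
        '{"version":"16.11.2-ee","revision":"0000000"}',
        '{"version":"17.0.1-ee","revision":"0000000"}',
        '{"version":"16.9.8-ce","revision":"0000000"}',
    ]
    for body in samples:
        status, ref = assess_api_response(body)
        print(f"{json.loads(body)['version']:<12} {status:<18} reference fix: {ref}")
```

Run it against the version reported by each instance you operate (the API call needs a token with at least read access); anything reported as 'vulnerable' should be scheduled for the upgrade described in the Solutions section.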
:: References
GitLab Security Release
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
GitLab - security best practices
https://about.gitlab.com/blog/2022/03/21/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
https://about.gitlab.com/security/hardening/
CSIRT Italia
https://www.csirt.gov.it/contenuti/sanate-vulnerabilita-su-gitlab-ce-ee-al01-240523-csirt-ita
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6205
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZk8CRQAKCRDBnEyTZRJg
Qt4/AKCcl+VwIX0tHVGwqZ5mKOVnJ6vHDQCdHXNi34T4lBdjiVT78mL2CDhLwII=
=Dje4
-----END PGP SIGNATURE-----