Alert GCSA-24088 - Security update for GitLab


******************************************************************

Alert ID: GCSA-24088
Date: 28 June 2024
Title: Security update for GitLab

******************************************************************

:: Problem description

GitLab has released new versions of its platform
that fix several vulnerabilities.

The vendor recommends upgrading all installations
immediately.

Further information is available in the "References" section.


:: Affected software

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)

versions prior to 17.1.1, 17.0.3 and 16.11.5


:: Impact

Remote Code Execution
Denial of Service
Information Disclosure
Elevation of Privilege
Security Restriction Bypass
Data Manipulation
Cross-Site Scripting


:: Solutions

Upgrade to the latest versions

https://about.gitlab.com/update
https://docs.gitlab.com/ee/update/
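The practical question an administrator has to answer for this alert is whether each GitLab instance in the inventory is on a patched release. The script below is an added example, not part of the GARR CERT alert or of GitLab's own tooling: it encodes the three fixed releases named in the alert (17.1.1, 17.0.3, 16.11.5) and classifies version strings such as those returned by GitLab's REST endpoint GET /api/v4/version. The inventory is constructed sample data, and the reading of "versions prior to" as "anything below 17.1.1 that is not on an already-patched 17.0.x or 16.11.x branch" is an assumption, as is the choice to point unpatched older branches at the newest fix.

```python
"""Triage GitLab versions against alert GCSA-24088.

Added example, not from the alert or from GitLab. The fixed releases
come from the alert; the branch interpretation and the upgrade target
for older branches are assumptions (see comments).
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases listed in the alert, keyed by (major, minor) branch.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (17, 1): (17, 1, 1),
    (17, 0): (17, 0, 3),
    (16, 11): (16, 11, 5),
}
# Newest fix: used as the upgrade target for branches with no listed fix.
NEWEST_FIX: Version = max(FIXED_VERSIONS.values())

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Parse 'X.Y.Z', tolerating suffixes such as '17.1.0-ee' or '16.11.4-ce.0'.
    Returns None for strings that do not start with a version number."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> Optional[bool]:
    """True if the version is affected per the alert, False if patched,
    None if the string could not be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    branch = (v[0], v[1])
    if branch in FIXED_VERSIONS:
        # On a patched branch: affected only below that branch's fix.
        return v < FIXED_VERSIONS[branch]
    # Assumption: any branch without a listed fix that is older than the
    # newest fixed release is treated as affected (the alert says "prior to").
    return v < NEWEST_FIX


def recommended_upgrade(text: str) -> Optional[str]:
    """Fixed release for the installed branch; for branches with no listed
    fix the newest fixed release is returned (assumption)."""
    v = parse_version(text)
    if v is None:
        return None
    target = FIXED_VERSIONS.get((v[0], v[1]), NEWEST_FIX)
    return "%d.%d.%d" % target


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[Optional[bool], Optional[str]]]:
    """Map each host to (affected?, recommended upgrade)."""
    return {host: (is_affected(ver), recommended_upgrade(ver))
            for host, ver in inventory.items()}


# Constructed sample inventory (host -> "version" field from GET /api/v4/version).
# These hosts and versions are made up for the example.
SAMPLE_INVENTORY: Dict[str, str] = {
    "git-prod.example.invalid": "17.1.0-ee",
    "git-staging.example.invalid": "17.0.3-ee",
    "git-legacy.example.invalid": "16.10.9-ce",
    "git-new.example.invalid": "17.1.1-ee",
}

if __name__ == "__main__":
    for host, (affected, target) in triage(SAMPLE_INVENTORY).items():
        state = {True: "AFFECTED", False: "patched", None: "unparsed"}[affected]
        print("%-30s %-9s upgrade to %s" % (host, state, target or "n/a"))
```

Because the check is branch-aware, an instance on 17.0.3 is reported as patched even though 17.0.3 is numerically older than 17.1.0, which is exactly the distinction a naive "is it below 17.1.1" comparison gets wrong.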


:: References

GitLab Security Release
https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/

GitLab - security best practices
https://about.gitlab.com/blog/2022/03/21/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6323




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZn6E9w0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCcNAAoN/nwa6wiVjfRw1koVy9VL6Cw6n1AJ9BJ1yL0W4h
PAcSdGiR9tuMbNJBqg==
=9FW+
-----END PGP SIGNATURE-----