Alert GCSA-24151 - Security update for GitLab
******************************************************************
Alert ID: GCSA-24151
Date: 15 November 2024
Title: Security update for GitLab
******************************************************************
:: Problem description
GitLab has released new versions of its platform
that fix several vulnerabilities.
The vendor recommends upgrading all installations
immediately.
More information is available in the "References" section.
:: Affected software
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
versions earlier than 17.3.7, 17.4.4 and 17.5.2
:: Impact
Remote Code Execution
Denial of Service
Information Disclosure
Security Restriction Bypass
Cross-Site Scripting
:: Solutions
Upgrade to the latest versions
https://about.gitlab.com/update
https://docs.gitlab.com/ee/update/
:: References
GitLab Security Release
https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/
GitLab - security best practices
https://about.gitlab.com/blog/2022/03/21/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10240
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert