Vulnerability Management, Threat Management

GitLab: Critical RCE flaw requires immediate patching

GitLab has called on users of GitLab community and enterprise edition versions 11.3.4 to 15.1.4, 15.2 to 15.2.3, and 15.3 to immediately apply the recently issued software update addressing a critical remote command execution vulnerability, tracked as CVE-2022-2884, according to BleepingComputer. Threat actors could leverage the flaw to facilitate server takeovers and proceed to source code theft and deletion, as well as malicious commit execution. Malware and other backdoors could also be deployed following the compromise of servers using the security bug. "We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," said GitLab. Meanwhile, users without the ability to install the security updates have been advised to disable GitHub import used for software project importing from GitHub to GitLab as a workaround. GitHub has also provided a way to verify the proper implementation of the workaround.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.