GitLab has called on users of GitLab community and enterprise edition versions 11.3.4 to 15.1.4, 15.2 to 15.2.3, and 15.3 to immediately apply the recently issued software update addressing a critical remote command execution vulnerability, tracked as CVE-2022-2884, according to BleepingComputer.
Threat actors could exploit the flaw to take over GitLab servers and, from there, steal or delete source code and push malicious commits. Malware and other backdoors could also be deployed on servers compromised through the bug.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," said GitLab.
Meanwhile, users without the ability to install the security updates have been advised to disable GitHub import used for software project importing from GitHub to GitLab as a workaround. GitHub has also provided a way to verify the proper implementation of the workaround.