GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Communi...
Gitlab -- Remote Code Execution
Gitlab reports: Remote Command Execution via Github import...
UBUNTU-CVE-2022-0154
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their...
FreeBSD : Gitlab -- Multiple Vulnerabilities (43f84437-73ab-11ec-a587-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43f84437-73ab-11ec-a587-001b217b3468 advisory. - Gitlab reports: Arbitrary file read via group import feature Stored XSS in notes Lack of sta...
CVE-2020-13326
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed...
GitLab: GitHub import allows user to create child group under existing namespace
When importing a GitHub repository on GitLab, a request is made to /import/github. The user is allowed to pass along a target namespace where they want to add the repository. In this process, the code will create the namespace if it doesn't exist already. However, this can be used to create a...