A vulnerability in GitLab that allows taking over accounts authenticated via OAuth, LDAP and SAML

Bug-fix updates 14.7.7, 14.8.5 and 14.9.2 for the GitLab collaborative development platform eliminate a critical vulnerability (CVE-2022-1162) related to a hard-coded password being set for accounts registered through an OmniAuth provider (OAuth, LDAP and SAML). The vulnerability could allow an attacker to gain access to such accounts. All users are advised to install the update immediately. Full details of the problem have not yet been disclosed. For users whose accounts were affected by the problem, a password reset has been initiated. The problem was discovered by GitLab staff, and the investigation found no signs of compromise.

The new versions also eliminate 16 further vulnerabilities, of which 2 are marked as high severity, 9 as medium and 5 as low. The high-severity issues include possible HTML injection (XSS) in comments (CVE-2022-1175) and in notes/descriptions on issues (CVE-2022-1190).
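The advisory only names the three fixed versions, so the practical defender question is whether a given instance is at or above the fix for its branch. The following Python check is an added example, not code from GitLab or from the original article; it encodes only the fixed versions listed above and reports "unknown" for any minor branch the advisory does not name, rather than guessing about older branches. The sample version strings at the bottom are constructed for the demonstration.

```python
import re
from typing import Optional, Tuple

# Fixed versions named in the advisory for CVE-2022-1162, keyed by (major, minor).
# Only these three branches are covered; anything else is reported as "unknown".
FIXED_VERSIONS = {
    (14, 7): (14, 7, 7),
    (14, 8): (14, 8, 5),
    (14, 9): (14, 9, 2),
}


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a GitLab version string such as '14.9.1' or 'v14.9.1-ee'.

    Returns (major, minor, patch) or None when the string is not a version.
    Edition suffixes like '-ee' are ignored because they do not affect the fix level.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def check_cve_2022_1162(version_text: str) -> str:
    """Classify a GitLab version against the CVE-2022-1162 fix releases.

    Returns 'fixed', 'vulnerable' or 'unknown'. 'unknown' covers unparseable
    input and minor branches the advisory does not mention (assumption: we do
    not extrapolate beyond the versions the advisory lists).
    """
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison is lexicographic, so 14.9.1 < 14.9.2 and 14.9.10 > 14.9.2.
    return "fixed" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs for a stand-alone run.
    for sample in ["14.9.1-ee", "14.9.2", "14.8.4", "14.7.7", "14.6.0", "garbage"]:
        print(f"{sample:>10} -> {check_cve_2022_1162(sample)}")
```

In practice the version string would come from the instance itself, for example the authenticated `GET /api/v4/version` endpoint, which returns a JSON object with a `version` field; feed that value to `check_cve_2022_1162` and treat anything other than "fixed" as a reason to schedule the update.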

Source: budenet.ru
