GitLab 15.3.1, 15.2.3, ndi 15.1.5 zigamba za nsanja yachitukuko zimakonza chiwopsezo chachikulu (CVE-2022-2884) chomwe chitha kulola wogwiritsa ntchito wovomerezeka kukhala ndi mwayi wolowera ku API ya GitHub kuti agwiritse ntchito code pa seva. Tsatanetsatane wa kugwiritsa ntchito sikunapezeke. Chiwopsezochi chinapezeka ndi wofufuza zachitetezo kudzera mu pulogalamu yachiwopsezo ya HackerOne.
Monga njira yogwirira ntchito, tikulimbikitsidwa kuti woyang'anira azimitsa ntchito yotumiza kuchokera ku GitHub (mu mawonekedwe a intaneti a GitLab: "Menyu" -> "Admin" -> "Zikhazikiko" -> "General" -> "Mawonekedwe ndi zowongolera" -> "Zochokera kuzinthu" -> zimitsani "GitHub").
Source: opennet.ru
