Vulnerability in GitLab that allows takeover of accounts authorized via OAuth, LDAP and SAML

Corrective updates 14.7.7, 14.8.5 and 14.9.2 of the GitLab development platform eliminate a critical vulnerability (CVE-2022-1162) related to the setting of hardcoded passwords for accounts registered through OmniAuth providers (OAuth, LDAP and SAML). The vulnerability allows an attacker to gain access to an account. All users are advised to install the update immediately. Details of the problem have not yet been disclosed. Users whose accounts were affected by the issue have been urged to reset their passwords. The problem was identified by GitLab employees, and the investigation did not reveal any evidence of user compromise.

The new versions also eliminate 16 other vulnerabilities, of which 2 are rated as dangerous, 9 as moderate and 5 as not dangerous. The dangerous ones include the possibility of HTML injection (XSS) in notes (CVE-2022-1175) and in comments/descriptions in issues (CVE-2022-1190).

Source: opennet.ru
