Critical vulnerability in GitLab

Corrective updates 15.3.1, 15.2.3 and 15.1.5 of the GitLab collaborative development platform fix a critical vulnerability (CVE-2022-2884) that allows an authenticated user with access to the GitHub data import API to execute code remotely on the server. Details of exploitation have not yet been released. The vulnerability was identified by a security researcher as part of the HackerOne vulnerability bounty program.

As a workaround, administrators are advised to disable the GitHub import feature (in the GitLab interface: "Menu" -> "Admin" -> "Settings" -> "General" -> "Visibility and access controls" -> "Import sources" -> disable "GitHub").
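To confirm both the patch level and the workaround on an instance, the following added example (not code from the article or from GitLab) evaluates a version string and the decoded application settings. It assumes both were already fetched with an administrator token from `GET /api/v4/version` and `GET /api/v4/application/settings`; the function names and the sample data are constructed for illustration.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(15, 1): 5, (15, 2): 3, (15, 3): 1}

def parse_version(s):
    """Parse '15.2.3-ee' style strings into (major, minor, patch)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups())

def patch_status(version):
    """Return 'patched', 'unpatched' or 'unlisted' for CVE-2022-2884."""
    major, minor, patch = parse_version(version)
    if (major, minor) in FIXED:
        return "patched" if patch >= FIXED[(major, minor)] else "unpatched"
    # Assumption: branches released after 15.3 already carry the fix.
    if (major, minor) > max(FIXED):
        return "patched"
    # The article names no fixed release for older branches.
    return "unlisted"

def assess(version, settings):
    """Combine the patch level with the state of the workaround.

    `settings` is the decoded JSON of GET /api/v4/application/settings;
    its `import_sources` list holds the importers that are enabled.
    """
    status = patch_status(version)
    github_on = "github" in settings.get("import_sources", [])
    if status == "patched":
        action = "none"
    elif github_on:
        action = "upgrade or disable GitHub import"
    else:
        action = "workaround in place; upgrade"
    return {"status": status, "github_import": github_on, "action": action}

if __name__ == "__main__":
    # Constructed sample data, not taken from a real instance.
    sample = {"import_sources": ["github", "bitbucket", "git"]}
    for v in ("15.3.1-ee", "15.2.2", "14.10.5"):
        print(v, assess(v, sample))
```

A result of `unlisted` means the article names no fixed release for that branch, so the instance should be treated as needing the workaround until it is upgraded.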

Source: opennet.ru
