Vulnerability in GitLab that allows takeover of accounts authorized via OAuth, LDAP and SAML

Corrective updates to the collaborative development platform GitLab, versions 14.7.7, 14.8.5 and 14.9.2, eliminate a critical vulnerability (CVE-2022-1162) related to hardcoded passwords being set for accounts registered through an OmniAuth (OAuth), LDAP or SAML provider. The vulnerability could potentially allow an attacker to gain access to an account. All users are advised to install the update immediately. Details of the problem have not yet been disclosed. Users whose accounts are affected by the problem are advised to reset their passwords. The problem was found by GitLab staff, and the investigation did not reveal any traces of user compromise.

The new versions also eliminate 16 more vulnerabilities, of which 2 are marked as dangerous, 9 as moderate and 5 as not dangerous. The dangerous issues include the possibility of HTML injection (XSS) in comments (CVE-2022-1175) and in comments/descriptions in issues (CVE-2022-1190).

Source: opennet.ru
