GitLab e lokollotse letoto la moraorao la di-patches bakeng sa sethala sa yona sa ntshetsopele ya tshebedisano-mmoho—diphetolelo tsa 15.3.2, 15.2.4, le 15.1.6—tse sebetsanang le bofokodi bo tebileng (CVE-2022-2992) bo ka dumellang mosebedisi ya netefaditsweng ho kenya khoutu hole ho seva. Jwalo ka CVE-2022-2884, e ileng ya patjwa beke e fetileng, kgatiso ena e ntjha e ama API bakeng sa ho kenya data ho tswa ho GitHub. Bofokodi bo boetse bo ama ditokollo tsa 15.3.1, 15.2.3, le 15.1.5, tse ileng tsa lokisa bofokodi ba pele khoutung ya ho kenya ya GitHub.
Lintlha tsa tšebeliso ha li so fumanehe. Tlhahisoleseling mabapi le bofokodi e tlalehetsoe ho GitLab ka lenaneo la HackerOne bug bounty, empa ho fapana le tokollo e fetileng, e fumanoe ke motho e mong ea amehang. E le tharollo, batsamaisi ba eletsoa ho tima tšobotsi ea ho kenya ea GitHub (ho sebopeho sa webo sa GitLab: "Menu" -> "Admin" -> "Litlhophiso" -> "Kakaretso" -> "Ponahalo le taolo ea phihlello" -> "Mehloli ea ho kenya" -> tima "GitHub").
Ho phaella moo, dintlafatso tse sisintsweng di lokisa bofokodi bo bong bo 14, boo bobedi ba bona bo tshwailweng e le bo tebileng, bo leshome bo abelwa boemo ba boima bo mahareng, mme bo bong bo tshwailwe e le bo seng boima. Bofokodi bo latelang bo nkwa bo le boima: bofokodi CVE-2022-2865, e dumellang basebedisi ho kenya khoutu ya JavaScript e ikgethileng maqepheng a bontshwang basebedisi ba bang ka ho fetola mabitso a mebala, le bofokodi CVE-2022-2527, e dumellang basebedisi ho kenya dikahare tse ikgethileng tshimong ya tlhaloso ho Incidents Timeline. Bofokodi ba boima bo mahareng bo kenyeletsa haholoholo ho hanelwa tshebeletso.
Source: opennet.ru
