Uhlaziyo oluchanekileyo kwiqonga lophuhliso lwentsebenziswano ye-GitLab 15.3.1, 15.2.3 kunye ne-15.1.5 sombulula ubuthathaka obubalulekileyo (i-CVE-2022-2884) evumela umsebenzisi oqinisekisiweyo ukuba afikelele kwi-API yokungenisa idatha esuka kwi-GitHub ukwenza ikhowudi ekude umncedisi . Iinkcukacha zokusebenza azikanikezelwa. Ukuba sesichengeni kwachongwa ngumphandi wokhuseleko njengenxalenye yenkqubo ye-bounty ye-HackerOne yomngcipheko.
Njengomsebenzi, kuyacetyiswa ukuba umlawuli avale umsebenzi wokungenisa kwi-GitHub (kwi-intanethi ye-GitLab: "Imenyu" -> "Umlawuli" -> "Useto" -> "Ngokubanzi" -> "Ukubonakala kunye nolawulo lokufikelela" - > "Imithombo yokungenisa" -> khubaza "GitHub").
umthombo: opennet.ru