Vulnerability in GitLab allowing takeover of accounts authenticated via OAuth, LDAP and SAML

Corrective updates to the collaborative development platform GitLab, versions 14.7.7, 14.8.5 and 14.9.2, remove a critical vulnerability (CVE-2022-1162) related to a hardcoded password being set for accounts registered through an OmniAuth provider (OAuth, SAML, LDAP). The vulnerability allows an attacker to gain access to such an account. All users are advised to install the update immediately. Details of the problem have not yet been disclosed. Users whose accounts are affected by the issue have been asked to reset their passwords. The problem was identified by GitLab staff, and the investigation found no trace of any user having been compromised.
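For administrators who want to check whether an instance has the fix, the following is an added example (not code from the article or from GitLab) that compares a reported version string against the three fixed releases named above. The fixed versions come from the article; the branch logic is an assumption: a fix is backported only to the listed branches, so releases on older branches (14.6.x and earlier) are treated as unpatched and newer branches (14.10 and later) as patched.

```python
"""Branch-aware check of a GitLab version against the CVE-2022-1162 fix releases."""
from typing import Tuple

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED_RELEASES = {
    (14, 7): (14, 7, 7),
    (14, 8): (14, 8, 5),
    (14, 9): (14, 9, 2),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'X.Y.Z' (with an optional '-ee' / '-ce' suffix as GitLab prints it)."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_fixed(version: str) -> bool:
    """True if the version is at or above the fixed release for its branch.

    Assumption: branches newer than 14.9 ship with the fix, branches older
    than 14.7 never received a fixed release and must be upgraded.
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        return (major, minor, patch) >= FIXED_RELEASES[branch]
    return branch > max(FIXED_RELEASES)


def assess(version: str) -> str:
    """One-line verdict suitable for an inventory report."""
    if is_fixed(version):
        return f"{version}: patched for CVE-2022-1162"
    return (f"{version}: NOT patched for CVE-2022-1162; upgrade to 14.7.7 / 14.8.5 / 14.9.2 "
            "and reset passwords of accounts registered via OmniAuth providers")


if __name__ == "__main__":
    # Constructed sample inventory of instance versions.
    for v in ("14.9.1-ee", "14.9.2-ee", "14.8.4", "14.6.9", "14.10.0"):
        print(assess(v))
```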

The new versions also remove 16 further vulnerabilities, of which 2 are rated as dangerous, 9 as medium and 5 as low severity. The dangerous issues include the possibility of HTML injection (XSS) in notes (CVE-2022-1175) and in notes and descriptions of issues (CVE-2022-1190).

Source: opennet.ru
