Izibuyekezo ezilungisayo zeplathifomu yokuthuthukisa ngokubambisana ye-GitLab engu-15.3.1, 15.2.3 kanye no-15.1.5 ixazulula ukuba sengozini okubucayi (CVE-2022-2884) okuvumela umsebenzisi ogunyaziwe ukuthi afinyelele i-API yokungenisa idatha esuka ku-GitHub ukuze asebenzise ikhodi ekude iseva . Imininingwane yokusebenza ayikanikezwa. Ukuba sengozini kukhonjwe umcwaningi wezokuvikela njengengxenye yohlelo lwenzuzo yokuba sengozini lwe-HackerOne.
Njengendlela yokusebenza, kunconywa ukuthi umlawuli akhubaze umsebenzi wokungenisa usuka ku-GitHub (kuhlelo lwewebhu lwe-GitLab: “Imenyu” -> “Umphathi” -> “Izilungiselelo” -> “Okuvamile” -> “Ukubonakala nokulawula ukufinyelela” - > "Ngenisa imithombo" -> khubaza "GitHub").
Source: opennet.ru