Corrective updates for the collaborative development platform GitLab, 14.8.2, 14.7.4 and 14.6.5, fix a critical vulnerability (CVE-2022-0735) that allows an unauthorized user to extract registration tokens in GitLab Runner, which is used to invoke handlers when building project code in a continuous integration system. Details have not yet been provided; it is stated only that the problem is caused by an information leak when using Quick Actions commands.
The problem was identified by GitLab staff and affects versions 12.10 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Users who maintain their own GitLab installations are advised to install the update or apply the patch as soon as possible. The problem was fixed by restricting access to Quick Actions commands to users with write permission only. After installing the update or the individual "token-prefix" patches, Runner registration tokens previously created for groups and projects will be reset and regenerated.
In addition to the critical vulnerability, the new versions also fix 6 less dangerous vulnerabilities that can lead to an unprivileged user adding other users to groups, misinforming users by manipulating the contents of Snippets, leaking environment variables through the sendmail delivery method, determining the existence of users through the GraphQL API, leaking passwords when mirroring repositories over SSH in pull mode, and a DoS attack through the comment submission system.
Source: opennet.ru