Vulnerability in GitLab that allows takeover of accounts authorized via OAuth, LDAP and SAML

Corrective updates of the collaborative development platform GitLab, versions 14.7.7, 14.8.5 and 14.9.2, eliminate a critical vulnerability (CVE-2022-1162) caused by hardcoded passwords being set for accounts registered through an OmniAuth provider (OAuth, LDAP and SAML). The vulnerability allows an attacker to gain access to an account. All users are advised to install the update immediately. Details of the problem have not yet been disclosed. For users whose accounts were affected by the problem, a password reset has been initiated. The problem was identified by GitLab employees, and the investigation did not reveal any traces of user compromise.

The new versions also eliminate 16 additional vulnerabilities, of which 2 are marked as dangerous, 9 as moderate and 5 as not dangerous. The dangerous problems include the possibility of HTML injection (XSS) in comments (CVE-2022-1175) and in issue comments/descriptions (CVE-2022-1190).

Source: opennet.ru
