Second critical vulnerability in GitLab in a week

GitLab has published another series of corrective updates to its collaborative development platform - 15.3.2, 15.2.4 and 15.1.6 - which fix a critical vulnerability (CVE-2022-2992) that allows an authenticated user to execute code remotely on the server. Like the CVE-2022-2884 vulnerability, which was fixed last week, the new problem is in the API for importing data from the GitHub service. The vulnerability is present in releases 15.3.1, 15.2.3 and 15.1.5, which fixed the first vulnerability in the GitHub import code.

Exploitation details have not yet been provided. Information about the vulnerability was submitted to GitLab through the HackerOne vulnerability bounty program, but unlike the previous problem, it was identified by a different participant. As a workaround, administrators are advised to disable the GitHub import function (in the GitLab web interface: "Menu" -> "Admin" -> "Settings" -> "General" -> "Visibility and access controls" -> "Import sources" -> disable "GitHub").

In addition, the proposed updates fix 14 more vulnerabilities, two of which are marked as dangerous, ten are assigned a medium severity level, and two are marked as low-risk. The following are considered dangerous: CVE-2022-2865, which allows you to add your own JavaScript code to pages shown to other users by manipulating color labels, and CVE-2022-2527, which makes it possible to substitute your own content through the description field in the incident timeline. The medium-severity vulnerabilities are mainly related to the possibility of causing a denial of service.
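A triage helper for the fixed releases and the workaround described above, as an added example that is not code from the article or from GitLab. The host names and version strings are constructed, and the check assumes that any patch level below the fixed release within the same 15.1, 15.2 or 15.3 branch still needs the update; branches the article does not name are reported as not covered.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(15, 1): 6, (15, 2): 4, (15, 3): 2}

WORKAROUND = 'disable "GitHub" under "Import sources" until upgraded'


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '15.3.1-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(version_text):
    """Return 'patched', 'needs-update' or 'not-covered' for one version."""
    major, minor, patch = parse_version(version_text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The article names no fixed release for this branch.
        return "not-covered"
    return "patched" if patch >= fixed_patch else "needs-update"


def triage(inventory):
    """Map each host to (status, recommended action)."""
    report = {}
    for host, version_text in inventory.items():
        try:
            status = assess(version_text)
        except ValueError:
            report[host] = ("unparseable", "verify the version manually")
            continue
        if status == "needs-update":
            major, minor, _ = parse_version(version_text)
            target = f"{major}.{minor}.{FIXED[(major, minor)]}"
            action = f"upgrade to {target}; {WORKAROUND}"
        elif status == "not-covered":
            action = "branch not named in the article; check the vendor advisory"
        else:
            action = "none"
        report[host] = (status, action)
    return report


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"git-a": "15.3.1-ee", "git-b": "15.2.4", "git-c": "14.10.5"}
    for host, (status, action) in triage(sample).items():
        print(f"{host}: {status} -> {action}")
```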

Source: opennet.ru
