OP 14 January, 2022 - 04:47 AM
Quote: GitLab has pushed out a significant security release that addresses multiple flaws including an arbitrary file read issue rated as ‘critical’ and two high-impact vulnerabilities. Source: https://portswigger.net/
An update to the popular version control platform released this week tackles a vulnerability involving cross-site scripting (XSS) in Notes, along with a high-impact authentication-related flaw involving a lack of state parameter on GitHub import project OAuth.
Users of the DevOps platform are strongly urged to upgrade to 14.6.2, 14.5.3, or 14.4.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) in order to safeguard their environments.
The release also offers relief from seven moderate severity and two lower risk security bugs.