High Threat Security Alert (A21-11-04): Multiple vulnerabilities in GitLab


 

Published on: 04 November 2021

  
  

Description:

GitLab has released 13.10.3, 13.9.6 and 13.8.8 to fix the vulnerabilities in various versions of GitLab.

Reports indicate that the vulnerability (CVE-2021-22205) is being exploited in the wild. You are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • GitLab Community Edition (CE) versions prior to 13.10.3, 13.9.6 and 13.8.8
  • GitLab Enterprise Edition (EE) versions prior to 13.10.3, 13.9.6 and 13.8.8

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, security restriction bypass or spoofing on an affected system.

 

Recommendation:

Patches for affected software are available.  System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
  • https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20210415
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965


Tag: GitLab
Tags