GitLab has published a security advisory to address vulnerabilities affecting the following products on the 30th of November 2022. It is recommended that you take the necessary precautions to ensure your products are always protected.
GitLab Community Edition (CE) – versions prior to 15.6.1, 15.5.5 and 15.4.6
GitLab Enterprise Edition (EE) – versions prior to 15.6.1, 15.5.5 and 15.4.6
For more information on these updates, you can follow this URL:
https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.
PDF Download: GitLab Security Advisory.pdf
References
GitLab Security Release: 15.6.1, 15.5.5 and 15.4.6. (30th of November 2022). Reviewed from GitLab:
https://access.redhat.com/security/security-updates/#/security-advisories
GitLab security advisory (AV22-675). (5th of December 2022). Reviewed from Canadian Centre for Cyber Security:
https://cyber.gc.ca/en/alerts-advisories/gitlab-security-advisory-av22-676