Skip to main content
GARR
Servizi GARR
Contatti
FAQs
CERT
Cert Team
Contatti
RFC 2350
AUP - Regole d'uso della rete
Privacy policy
Cookies Policy
Incidents
Management procedure
Reports accidents
Vulnerability test | SCARR
Alert
Security Alerts
Alert subscription
PGP
PGP Keys info
GARR CERT PGP Keys
More Informations
News & Warning
Training
Files e Docs
Cybersecurity Month | GARRNews
Cybersecurity | GARRNews
GARR
Servizi GARR
Contatti
CERT
Cert Team
Contatti
RFC 2350
AUP - Regole d'uso della rete
Privacy policy
Cookies Policy
Incidents
Management procedure
Reports accidents
Vulnerability test | SCARR
Alert
Security Alerts
Alert subscription
PGP
PGP Keys info
GARR CERT PGP Keys
More Informations
News & Warning
Training
Files e Docs
Cybersecurity Month | GARRNews
Cybersecurity | GARRNews
CERT | Computer Emergency Response Team della comunità dell'istruzione e della ricerca
CERT | Computer Emergency Response Team della comunità dell'istruzione e della ricerca
GARR CERT
Alert
Security Alerts
GARR CERT Security Alert
Alert GCSA-24151 - Aggiornamento di sicurezza per GitLab
Alert GCSA-24151 - Aggiornamento di sicurezza per GitLab
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-24151
Data: 15 Novembre 2024
Titolo: Aggiornamento di sicurezza per GitLab
******************************************************************
:: Descrizione del problema
GitLab ha rilasciamo nuove versioni della propria piattaforma
con le quali risolve varie vulnerabilita'.
Il produttore consiglia di aggiornare immediatamente
tutte le installazioni.
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software interessato
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
versioni precedenti alle 17.3.7, 17.4.4 e 17.5.2
:: Impatto
Remote Code Execution
Denial of Service
Information Disclosure
Security Restriction Bypass
Cross-Site Scripting
:: Soluzioni
Aggiornare alle ultime versioni
https://about.gitlab.com/update
https://docs.gitlab.com/ee/update/
:: Riferimenti
GitLab Security Release
https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/
GitLab - security best practices
https://about.gitlab.com/blog/2022/03/21/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10240
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZzcYMQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBC1vIAnicATj6Rmzhim4QOvSxwg5ZenCOPAKDbnkW6gCSx
UwNQGp5Et7qN6JWGzg==
=zMRk
-----END PGP SIGNATURE-----
