Alert GCSA-24151 - Aggiornamento di sicurezza per GitLab

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

******************************************************************

Alert ID: GCSA-24151
Data: 15 Novembre 2024
Titolo: Aggiornamento di sicurezza per GitLab

******************************************************************

:: Descrizione del problema

GitLab ha rilasciamo nuove versioni della propria piattaforma
con le quali risolve varie vulnerabilita'.

Il produttore consiglia di aggiornare immediatamente
tutte le installazioni.

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)

versioni precedenti alle 17.3.7, 17.4.4 e 17.5.2


:: Impatto

Remote Code Execution
Denial of Service
Information Disclosure
Security Restriction Bypass
Cross-Site Scripting


:: Soluzioni

Aggiornare alle ultime versioni

https://about.gitlab.com/update
https://docs.gitlab.com/ee/update/


:: Riferimenti

GitLab Security Release
https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/

GitLab - security best practices
https://about.gitlab.com/blog/2022/03/21/security-hygiene-best-practices-for-gitlab-users/
https://about.gitlab.com/blog/2020/05/20/gitlab-instance-security-best-practices/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10240




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZzcYMQ0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBC1vIAnicATj6Rmzhim4QOvSxwg5ZenCOPAKDbnkW6gCSx
UwNQGp5Et7qN6JWGzg==
=zMRk
-----END PGP SIGNATURE-----