
GitLab shifts left to patch high-impact vulnerabilities

submitted by
Style Pass
2022-01-13 19:00:19

UPDATED GitLab has pushed out a significant security release that addresses multiple flaws including an arbitrary file read issue rated as ‘critical’ and two high-impact vulnerabilities.

An update to the popular version control platform, released this week, tackles a high-impact cross-site scripting (XSS) vulnerability in Notes, along with a high-impact authentication flaw in the GitHub project import feature, whose OAuth flow lacked a state parameter. The state parameter is OAuth 2.0's CSRF defence for the redirect back to the client: the client generates an unguessable value, binds it to the user's session, and checks that the provider echoes it back on the callback. Without that check, the callback cannot tell whether the session receiving the authorization code is the one that started the flow.
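To make the point concrete, the following is an added example written for this page, not GitLab's code and not taken from the GitLab advisory. It is a minimal OAuth 2.0 authorization-code client in Ruby (the language GitLab is written in) showing a callback that skips the state check beside one that issues a random, session-bound, single-use state and verifies it. The module and method names are hypothetical, the session is a plain Hash standing in for a server-side session store, and the callback URLs are constructed samples; only the GitHub authorize endpoint URL is real, and it is used only to build a string.

```ruby
require 'securerandom'
require 'uri'

# Hypothetical module, added for illustration; not GitLab's import code.
module OauthStateDemo
  AUTHORIZE_URL = 'https://github.com/login/oauth/authorize'.freeze

  # --- Weak pattern: no state is issued or checked --------------------------
  # The callback cannot tell whether this session started the flow, so an
  # attacker can send a victim a callback URL carrying an authorization code
  # for the attacker's own provider account and have it bound to the victim's
  # session (login / account-linking CSRF).
  def self.authorize_url_without_state(client_id:, redirect_uri:)
    query = URI.encode_www_form(client_id: client_id, redirect_uri: redirect_uri, scope: 'repo')
    "#{AUTHORIZE_URL}?#{query}"
  end

  def self.callback_without_state(_session, params)
    return { linked: false, error: 'missing_code' } unless params['code']
    { linked: true, code: params['code'] }
  end

  # --- Hardened pattern: unguessable, session-bound, single-use state -------
  def self.authorize_url_with_state(session, client_id:, redirect_uri:)
    state = SecureRandom.urlsafe_base64(32)   # 256 bits of randomness
    session[:oauth_state] = state              # bound to this session only
    query = URI.encode_www_form(client_id: client_id, redirect_uri: redirect_uri,
                                scope: 'repo', state: state)
    "#{AUTHORIZE_URL}?#{query}"
  end

  def self.callback_with_state(session, params)
    expected = session.delete(:oauth_state)    # consume it: a state is valid once
    received = params['state']
    unless expected && received && secure_equal?(expected, received)
      return { linked: false, error: 'invalid_state' }
    end
    return { linked: false, error: 'missing_code' } unless params['code']
    { linked: true, code: params['code'] }
  end

  # Constant-time comparison so the check does not leak the expected value
  # byte by byte through timing differences.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Turn the URL the provider redirects the browser to into the params hash a
  # web framework would hand the controller.
  def self.params_from_callback_url(url)
    URI.decode_www_form(URI(url).query.to_s).to_h
  end
end

if $PROGRAM_NAME == __FILE__
  cb = 'https://gitlab.example/import/github/callback'   # hypothetical redirect URI

  # Constructed attacker scenario: a code for the attacker's account delivered
  # to a victim session that never started an OAuth flow.
  forged = OauthStateDemo.params_from_callback_url("#{cb}?code=ATTACKER_CODE")
  p OauthStateDemo.callback_without_state({}, forged)   # linked: true  (attacker's account bound to victim)
  p OauthStateDemo.callback_with_state({}, forged)      # linked: false, error: invalid_state

  # Legitimate flow: state issued, echoed back by the provider, then consumed.
  session = {}
  OauthStateDemo.authorize_url_with_state(session, client_id: 'cid', redirect_uri: cb)
  genuine = OauthStateDemo.params_from_callback_url("#{cb}?code=GOOD_CODE&state=#{session[:oauth_state]}")
  p OauthStateDemo.callback_with_state(session, genuine)   # linked: true
  p OauthStateDemo.callback_with_state(session, genuine)   # replay: linked: false
end
```

Two details carry the weight here: the state lives in the server-side session (not in a cookie the attacker can also set, and not in the URL alone), and it is deleted on first use, so a captured callback cannot be replayed. A fixed or predictable state value would give none of this protection.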

Users of the DevOps platform are strongly urged to upgrade to 14.6.2, 14.5.3, or 14.4.5 for GitLab Community Edition (CE) and Enterprise Edition (EE) in order to safeguard their environments.

All three of the higher severity flaws were reported to GitLab by ethical hackers through a bug bounty program operated by HackerOne.

GitLab has published a security notification that summarizes the content of its security updates, but without going into great detail.
