Warning – Critical GitLab Vulnerability Could Allow Attackers to Steal Runner Registration Tokens

Published: 03/03/2022

Reference:
Advisory #2022-003

Version:
1.0

Affected software:
GitLab Community Edition
GitLab Enterprise Edition

Type:
Information Disclosure

CVE/CVSS:

CVE-2022-0735

Sources

GitLab: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/

Risks

Unpatched versions of GitLab CE/EE are vulnerable to an information disclosure via quick actions commands that allows an unauthorized user to steal runner registration tokens.

Description

An issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.2, 14.7.4, and 14.6.5.

This information disclosure vulnerability allows an unauthorized user to steal runner registration tokens using quick actions commands.

This vulnerability was disclosed to GitLab through the HackerOne bug bounty program.

GitLab has released versions 14.8.2, 14.7.4, and 14.6.5 for both the Community Edition and the Enterprise Edition; this release also serves as the monthly security release for February.

Recommended Actions

GitLab strongly recommends that all GitLab installations be upgraded to one of these versions immediately.
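To help inventory which instances still need the upgrade, the following added example (not part of this advisory or of GitLab's own tooling) classifies GitLab version strings against the fixed releases named above; it treats 14.8.2, 14.7.4 and 14.6.5 as the first patched release on each branch, anything earlier on those branches or on any older release line as affected, and any later branch as fixed. The `-ce`/`-ee` suffix handling and the sample inventory are assumptions.

```python
"""Classify GitLab CE/EE version strings against CVE-2022-0735 fixed releases.

Added example, not taken from the advisory. The fixed versions come from the
advisory text: 14.8.2, 14.7.4 and 14.6.5.
"""
from __future__ import annotations

import re

# First patched patch level per minor branch, as stated in the advisory.
FIXED: dict[tuple[int, int], int] = {(14, 8): 2, (14, 7): 4, (14, 6): 5}

# Assumption: version strings look like "14.7.3-ee" or "14.8.1"; the edition
# suffix does not influence whether the release is patched.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(?:ce|ee))?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH[-ce|-ee]' into a comparable tuple of ints."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(text: str) -> bool:
    """Return True if this release is affected by CVE-2022-0735."""
    major, minor, patch = parse_version(text)
    if (major, minor) in FIXED:
        # On a branch that received a fix: patched only from the fixed level up.
        return patch < FIXED[(major, minor)]
    # Branches newer than 14.8 include the fix; older lines never received one.
    return (major, minor) < (14, 8)


def triage(versions: list[str]) -> dict[str, bool]:
    """Map each reported version string to its vulnerability status."""
    return {v: is_vulnerable(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory (e.g. values collected from each instance's
    # version endpoint); not real data.
    sample = ["14.8.1-ee", "14.8.2", "14.7.4-ce", "14.6.4", "14.5.9", "14.9.0"]
    for version, affected in triage(sample).items():
        print(f"{version:12} {'AFFECTED' if affected else 'patched'}")
```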
