CVE-2022-0244 An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5

CVE-2022-0244 An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5

GitLab provides a web-based code review tool allowing stakeholders to review code written by multiple team members. If an attacker managed to sneak code review data into a project, he could potentially execute malicious code and infect the project team members’ computers.

CVE-2018-9227 has been assigned to this vulnerability. This issue was fixed in version 14.5.5. As always, we advise all users to upgrade to the latest version as soon as possible.

Another issue was discovered in GitLab, affecting all versions starting with 14.5. One of the parameters to the /settings/email_notification endpoint is not validated, allowing an attacker to inject malicious code into the system and potentially compromise the system.
In order to exploit this issue, an attacker must be on the same network as the targeted system.

CVE-2018-9222 has been assigned to this issue. This issue was fixed in version 14.5.5. As always, we advise all users to upgrade to the latest version as soon as possible.

A critical remote code execution vulnerability was discovered in GitLab. An attacker could potentially exploit this issue through a maliciously crafted email.
In order to exploit this issue, an attacker must be on the same network as the targeted system.

CVE-2018-9221 has been assigned to this issue. This issue was fixed in version 14.5.5. As always, we advise all users to upgrade to

GitLab CI/CD

- SSH Injection
A critical remote code execution vulnerability was discovered in GitLab. An attacker could potentially exploit this issue through a maliciously crafted email.
In order to exploit this issue, an attacker must be on the same network as the targeted system.

CVE-2018-9222 has been assigned to this issue. This issue was fixed in version 14.5.5. As always, we advise all users to upgrade to the latest version as soon as possible.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe