It has been confirmed that the issue affects all GitLab installations using a version before 15.3.4, all installations using a version before 15.4.1, and all installations using a version starting from 14.4. GitLab has released version 15.3.4, version 15.4.1, and version 14.4 patch releases to fix the issue. Additionally, we have released version 15.2.9, version 15.1.9, and version 14.3 patch releases to fix the issue on those older versions.
What is GitLab?
GitLab is an open source project management software that allows organizations to collaborate on projects using Git. It is a web-based application with a desktop client available for Windows, Mac, and Linux. GitLab provides the complete project lifecycle from idea to production.
How to check if you are affected by CVE-2022 -3067
To check if you are affected by CVE-2022-3067, use the following command:
/usr/bin/gitlab-rake gitlab:check-version --build=14.4
If the output is "vulnerable," then you are affected.
CVE-2022-3068
It has been confirmed that the issue affects all GitLab installations using a version before 15.3.4, all installations using a version before 15.4.1, and all installations using a version starting from 14.4. GitLab has released version 15.3.4, version 15.4.1, and version 14.4 patch releases to fix the issue. Additionally, we have released version 15.2.9, version 15.1.9, and version 14.3 patch releases to fix the issue on those older versions.
Timeline
Published on: 10/17/2022 16:15:00 UTC
Last modified on: 10/19/2022 15:07:00 UTC