First published: Thu May 19 2022(Updated: )
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches
Credit: cve@gitlab.com cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=1.0.2<14.8.6 | |
GitLab GitLab | >=1.0.2<14.8.6 | |
GitLab GitLab | >=14.9.0<14.9.4 | |
GitLab GitLab | >=14.9.0<14.9.4 | |
GitLab GitLab | =14.10.0 | |
GitLab GitLab | =14.10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.