First published: Fri Aug 05 2022(Updated: )
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=12.10.0<15.0.5 | |
GitLab GitLab | >=15.1.0<15.1.4 | |
GitLab GitLab | =15.2 | |
GitLab GitLab | >=12.10.0<15.0.5 | |
GitLab GitLab | >=15.1.0<15.1.4 | |
GitLab GitLab | =15.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.