GitLab Security Release 15.9.2 (CVE-2023-0050)

3 views

Skip to first unread message

Fleury, Terry

unread,

Mar 3, 2023, 12:36:32 PM3/3/23

to cv-an...@trustedci.org

CI Operators:

GitLab has released v15.9.2 [1] to address several security vulnerabilities, one rated as "high". This update also addresses nine "medium" severity vulnerabilities, and one "low" severity vulnerability.

Impact:

One High Severity Vulnerability:

CVE-2023-0050 [2] - A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.

Affected Software:

GitLab < v15.7.8
GitLab 15.8.x < v15.8.4
GitLab 15.9.x < v15.9.2

Recommendation:

Update to the latest patched version of GitLab for your installation [3]. There are no recommended mitigations.

References:

[1] https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0050

[3] https://about.gitlab.com/update/

How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.

You are receiving this message because you are subscribed to cv-an...@trustedci.org. The archive of previous alerts is publicly accessible. If you prefer not to receive future alerts, you can unsubscribe.

Reply all

Reply to author

Forward

0 new messages