20240726003 - Update (#903)
* 20240726003 - Correction of information

* Format markdown docs

* Update 20240726003

Typo correction

---------

Co-authored-by: JadonWill <JadonWill@users.noreply.github.com>
JadonWill and JadonWill authored Jul 26, 2024
1 parent 4501608 commit a7b1e00
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions docs/advisories/20240726003-GitLab-Releases-Security-Advisory.md
Expand Up @@ -2,14 +2,15 @@

## Overview

GitLab, the widely used code collaboration platform addresses vulnerabilities across multiple versions of its software. While none of the flaws are classified as "critical," at the time of writing one high-severity cross-site scripting (XSS) bug could have serious consequences if not patched promptly.
GitLab has published and avdisory to address vulnerabilities across multiple versions of its software.

## What is vulnerable?

| Product(s) Affected | Version(s) | CVE | CVSS | Severity | Dated |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---- | ---------- | ------------- |
| Enterprise Edition (EE) | [- from 16.11 to 17.0.5 <br/> - from 17.1 to 17.1.3 <br/> - from 17.2 to 17.2.1](https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/) | [CVE-2024-5067](https://nvd.nist.gov/vuln/detail/CVE-2024-5067) | 4.4 | **Medium** | 24 July, 2024 |
| GitLab Community Edition (CE) <br/> Enterprise Edition (EE) | [- from 16.7 to 17.0.5 <br/> - from 17.1 to 17.1.3 <br/> - from 17.2 to 17.2.1](https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/) | [CVE-2024-7057](https://nvd.nist.gov/vuln/detail/CVE-2024-7057) | 4.3 | **Medium** | 24 July, 2024 |
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---- | -------- |
| Enterprise Edition (EE) | - 16.11 **before** 17.0.5 <br/> - 17.1 **before** 17.1.3 <br/> - 17.2 **before** 17.2.1 | [CVE-2024-5067](https://nvd.nist.gov/vuln/detail/CVE-2024-5067) | 4.4 | Medium |
| GitLab Community Edition (CE) <br/> Enterprise Edition (EE) | - 16.7 **before** 17.0.5 <br/> - 17.1 **before** 17.1.3 <br/> - 17.2 **before** 17.2.1 | [CVE-2024-7057](https://nvd.nist.gov/vuln/detail/CVE-2024-7057) | 4.3 | Medium |
| GitLab Community Edition (CE) <br/> Enterprise Edition (EE) | - 12.0 **before** 17.0.5 </br> - 17.1 **before** 17.1.3 </br> - 17.2 **before** 17.2.1 | [CVE-2024-0231](https://nvd.nist.gov/vuln/detail/CVE-2024-0231) | 2.7 | Low |

## What has been observed?

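Review bot: the replacement Overview sentence ("GitLab has published and avdisory to address vulnerabilities...") introduces a typo in a commit whose message says "Typo correction"; it should read "GitLab has published an advisory to address vulnerabilities across multiple versions of its software." In the new table, the added CVE-2024-0231 row uses `</br>` as the line separator while the two rows above it use `<br/>`; `</br>` is not a valid self-closing tag and may render literally or be dropped by the markdown renderer, so it should be changed to `<br/>` for consistency. The rewritten version ranges ("16.11 **before** 17.0.5") are clearer than the old "from ... to ..." form, since the upper bound is the fixed release rather than an affected one, but the link to the GitLab patch release that the old Version(s) cell carried is now gone from the table; that is acceptable only because the same URL remains in the Recommendation section below.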
Expand All @@ -19,8 +20,8 @@ There is no evidence of exploitation affecting Western Australian Government net

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):

- [GitLab Patch Release](https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/)
- GitLab Patch Release: <https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/>

## Additional References

- [Securityonline blog post](https://securityonline.info/gitlab-patches-six-security-flaws-urges-immediate-update/)
- Securityonline blog post: <https://securityonline.info/gitlab-patches-six-security-flaws-urges-immediate-update/>
