Description:

GitLab has released 13.10.3, 13.9.6 and 13.8.8 to fix the vulnerabilities in various versions of GitLab.

Reports indicate that the vulnerability (CVE-2021-22205) is being exploited in the wild. You are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• GitLab Community Edition (CE) versions prior to 13.10.3, 13.9.6 and 13.8.8
• GitLab Enterprise Edition (EE) versions prior to 13.10.3, 13.9.6 and 13.8.8

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, security restriction bypass or spoofing on an affected system.

Recommendation:

Patches for affected software are available.  System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.

More Information:

• https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
• https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20210415
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965