From thehackernews.com
DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems.
Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1.
At its core, the security weakness is a case of authenticated remote code execution that can be triggered via the GitHub import API. GitLab credited yvvdwf with discovering and reporting the flaw.