Service Notices
GitLab Security Vulnerabilities
Apr 01, 2021 GMT+08:00
I. Overview
GitLab has officially released security updates to fix multiple security vulnerabilities in GitLab CE/EE. The following two vulnerabilities are rated by GitLab as critical and high, respectively. Attackers can exploit these vulnerabilities to read any file on the server.
1. Arbitrary File Read During Project Import (severity: critical)
2. Kroki Arbitrary File Read/Write (severity: high)
If you are a GitLab user, check your system and implement timely security hardening.
Reference link:
GitLab Security Release: 13.10.1, 13.9.5, and 13.8.7
II. Severity
Severity: important
(Severity scale: low, moderate, important, critical)
III. Affected Products
Affected versions:
GitLab CE/EE after 13.9.5 and before 13.10.1
GitLab CE/EE after 13.8.7 and before 13.9.5
GitLab CE/EE before 13.8.7
Secure versions:
GitLab CE/EE 13.10.1
GitLab CE/EE 13.9.5
GitLab CE/EE 13.8.7
IV. Vulnerability Handling
These vulnerabilities have been fixed in the latest official releases. If your service version falls into one of the affected ranges above, upgrade it to the secure version for that branch (or later).
https://about.gitlab.com/update/
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
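The following script is an added example for triaging a fleet of self-managed instances against the version ranges in this notice; it is not GitLab's code and is not part of the notice itself. Only the three fixed versions come from the notice. Everything else is an assumption made for illustration: that a patch release above the fixed patch on the same branch already contains the fix, that any branch newer than 13.10 was released after the fix, that instances on branches older than 13.8 should move to the lowest listed secure version, and that the host names and version strings in the sample inventory are constructed.

```python
"""Classify GitLab CE/EE version strings against the ranges in this notice.

Added example, not GitLab's code. FIXED_PER_BRANCH holds the secure versions
the notice lists; the branch-handling rules and the sample inventory are
assumptions made for illustration.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# First patched release on each affected branch, as listed in the notice.
FIXED_PER_BRANCH: Dict[Tuple[int, int], Version] = {
    (13, 8): (13, 8, 7),
    (13, 9): (13, 9, 5),
    (13, 10): (13, 10, 1),
}
OLDEST_FIXED_BRANCH = min(FIXED_PER_BRANCH)   # (13, 8)
NEWEST_FIXED_BRANCH = max(FIXED_PER_BRANCH)   # (13, 10)

# MAJOR.MINOR.PATCH with an optional suffix such as "-ee" (GitLab's edition tag).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text: str) -> Version:
    """Turn '13.9.4-ee' or '13.10.0' into a comparable (major, minor, patch) tuple.

    Comparing the raw strings would be wrong ('13.9.5' < '13.10.1' fails as
    text), so the components are compared as integers. Anything that is not
    MAJOR.MINOR.PATCH is rejected rather than silently treated as secure.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected(text: str) -> bool:
    """True if this version should be upgraded according to the notice.

    Assumptions (not stated on the page): a patch above the fixed patch on the
    same branch contains the fix, and any branch newer than 13.10 was released
    after the fix and is therefore not affected.
    """
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch < OLDEST_FIXED_BRANCH:
        return True        # "before 13.8.7": no patched release exists on this branch
    if branch > NEWEST_FIXED_BRANCH:
        return False       # assumption: a newer branch already carries the fix
    return (major, minor, patch) < FIXED_PER_BRANCH[branch]


def required_upgrade(text: str) -> Optional[str]:
    """Smallest secure version on the same branch, or None if already secure.

    Branches older than 13.8 have no patched release of their own; the lowest
    secure version the notice lists (13.8.7) is used as the target for them.
    """
    if not is_affected(text):
        return None
    branch = parse_version(text)[:2]
    target = FIXED_PER_BRANCH.get(branch, FIXED_PER_BRANCH[OLDEST_FIXED_BRANCH])
    return ".".join(str(part) for part in target)


# Constructed sample inventory of self-managed instances (hypothetical hosts).
SAMPLE_INVENTORY: Dict[str, str] = {
    "git-prod-1": "13.10.0",
    "git-prod-2": "13.9.5-ee",
    "git-staging": "13.7.9",
    "git-dev": "13.10.1-ee",
    "git-legacy": "12.10.14",
}


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each affected host to the version it must be upgraded to."""
    return {
        host: required_upgrade(version)
        for host, version in inventory.items()
        if is_affected(version)
    }


if __name__ == "__main__":
    for host, target in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> upgrade to {target}")
```

In practice the inventory would be filled from each instance's reported version rather than typed in; the point of the helper is that the comparison is done on integer components per branch, so 13.10.0 is correctly flagged as affected while 13.9.5 on the older branch is not.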