GitLab Critical Security Release: 15.1.1, 15.0.4, and 14.10.5
Full Notes: https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
The most concerning issue is remote code execution via project imports: https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/#remote-command-execution-via-project-imports
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authorised user could import a maliciously crafted project leading to remote code execution. This is a critical severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, 9.9). It is now mitigated in the latest release and is assigned CVE-2022-2185.
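As an added example (not part of the original post and not GitLab's own tooling), here is a small Python check that tells whether a GitLab version string falls inside the affected ranges quoted above. The version strings fed to it are constructed for illustration; the optional lookup against a live instance uses GitLab's `GET /api/v4/version` endpoint and assumes you supply your own host and a personal access token.

```python
"""Triage helper for CVE-2022-2185: is this GitLab version in an affected range?

Affected ranges, taken from the advisory text:
  14.0 <= v < 14.10.5, 15.0 <= v < 15.0.4, 15.1 <= v < 15.1.1
"""
import json
import re
import urllib.request
from typing import Dict, Iterable, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) pairs; the upper bound is exclusive.
AFFECTED_RANGES = (
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
)

# Accepts "14.10.4", "15.0.3-ee", "v15.1.0", "15.0" (patch defaults to 0).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Parse a GitLab version string into (major, minor, patch).

    Edition suffixes such as "-ee", pre-release tags and build metadata are
    ignored; a pre-release (e.g. "15.0.4-rc1") is therefore treated like the
    final release, which is the conservative choice only if you also confirm
    the fix landed in that RC.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"not a GitLab version string: {text!r}")
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(version: str) -> bool:
    """True if the version lies in any advisory range (lower inclusive, upper exclusive)."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(versions: Iterable[str]) -> Dict[str, bool]:
    """Map each reported version string to its affected/not-affected verdict."""
    return {v: is_affected(v) for v in versions}


def fetch_instance_version(host: str, token: str) -> str:
    """Read the running version from a live instance via GET /api/v4/version.

    Assumptions: `host` is like "https://gitlab.example.com" and `token` is a
    personal access token with API scope (the endpoint requires authentication).
    Not exercised by the offline demo below.
    """
    req = urllib.request.Request(f"{host.rstrip('/')}/api/v4/version",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Constructed sample inventory, e.g. the output of an asset scan.
    sample = ["14.9.2-ee", "14.10.4", "14.10.5-ee", "15.0.3-ee", "15.0.4", "15.1.0", "15.1.1", "13.12.15"]
    for ver, hit in triage(sample).items():
        print(f"{ver:12} {'AFFECTED - upgrade' if hit else 'not in affected range'}")
```

Run it against whatever version inventory you have; anything flagged should be moved to 14.10.5, 15.0.4 or 15.1.1 (or later) as the advisory directs.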