TR-20-816 (GitLab Vulnerability)

General Information

Critical XSS and DoS vulnerabilities have been identified in GitLab and its plugins.

Impact

Because multiple security vulnerabilities are present, systems targeted by cyber attackers may be left vulnerable. It is anticipated that this vulnerability may also be used in the future to distribute malware. Related CVEs: CVE-2020-13331, CVE-2020-13296, CVE-2020-13319, CVE-2020-13320, CVE-2020-13321, CVE-2020-13322, CVE-2020-13323, CVE-2020-13324, CVE-2020-13325, CVE-2020-13326, CVE-2020-13328, CVE-2020-13329, CVE-2020-13330 and CVE-2020-13336.

Solution

The National Cyber Incident Response Center (USOM) recommends that system administrators apply GitLab updates urgently.

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13296

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13319

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13320

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13321

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13322

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13323

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13324

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13325

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13326

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13328

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13331

2020-10-02