TR-20-073 (GitLab Vulnerability)

General Information

Critical denial-of-service vulnerabilities have been identified in GitLab and its plugins.

Impact

Multiple existing vulnerabilities can lead to a denial-of-service (DoS) condition on systems targeted by cyber attackers. It is anticipated that this vulnerability may also be used to spread malware in the future. CVE-2020-6832, CVE-2019-20142, CVE-2019-20143, CVE-2019-20144, CVE-2019-20145, CVE-2019-20146, CVE-2019-20147, CVE-2019-20148 and CVE-2020-5197.

Solution

The National Cyber Incident Response Center (USOM) recommends that system administrators apply GitLab updates immediately.

References

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6833

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7966

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7967

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7968

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7969

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7971

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7972

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7973

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7974

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7977

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7978

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7979

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8114

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7976

2020-02-06