GitLab has released patches for CVE-2022-2884, a critical remote code execution vulnerability (CVSS 9.9) that allows an authenticated user to execute arbitrary code on the GitLab server through the Import from GitHub API endpoint.
The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE), all versions from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1. The fixed releases are 15.1.5, 15.2.3 and 15.3.1.
GitLab urges administrators to upgrade affected installations promptly. For those who cannot upgrade immediately, GitLab has published a workaround: sign in with an administrator account, open Admin Area > Settings > General, expand "Visibility and access controls", and under "Import sources" disable the GitHub import option, then save. This closes the vulnerable code path but is a stopgap, not a substitute for installing the fixed release.
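The two questions an operator has to answer here are "is my version in the affected range?" and "is the GitHub import source still enabled?". The following added example (not GitLab's own tooling) encodes the version ranges from the advisory and evaluates the JSON returned by GitLab's public admin endpoints `GET /api/v4/version` and `GET /api/v4/application/settings` (whose `import_sources` list can also be written back with a `PUT` to the same endpoint). The JSON documents below are constructed sample data, not real responses; only the version ranges and the field names are taken from GitLab.

```python
"""Triage helper for CVE-2022-2884.

Added example, not code from GitLab or from the article. It assumes the
documented shapes of two GitLab admin API responses:
  GET /api/v4/version               -> {"version": "15.2.2-ee", ...}
  GET /api/v4/application/settings  -> {"import_sources": ["github", ...], ...}
The sample documents at the bottom are constructed for the demo.
"""
import json
import re

# (first affected, first fixed) per release line, from GitLab's advisory.
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
]


def parse_version(s):
    """'15.2.2-ee' -> (15, 2, 2); edition suffixes and pre-release tags are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {s!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version):
    """True if the version falls inside any affected range (lower bound
    inclusive, fixed release exclusive)."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def github_import_enabled(settings):
    """settings: decoded /api/v4/application/settings response."""
    return "github" in settings.get("import_sources", [])


def hardened_import_sources(settings):
    """The import_sources list with GitHub removed. Applying it is the API
    equivalent of the UI workaround, e.g. (admin token required):
      PUT /api/v4/application/settings?import_sources[]=gitlab_project&...
    """
    return [s for s in settings.get("import_sources", []) if s != "github"]


def assess(version_doc, settings_doc):
    """Combine both checks into one verdict.

    patched   : version is not in an affected range
    mitigated : affected version, but GitHub import is already disabled
    exposed   : affected version and GitHub import is still enabled
    """
    vulnerable = is_vulnerable_version(version_doc["version"])
    gh_enabled = github_import_enabled(settings_doc)
    if not vulnerable:
        verdict = "patched"
    elif gh_enabled:
        verdict = "exposed"
    else:
        verdict = "mitigated"
    return {
        "version": version_doc["version"],
        "vulnerable_version": vulnerable,
        "github_import_enabled": gh_enabled,
        "verdict": verdict,
        "recommended_import_sources": hardened_import_sources(settings_doc),
    }


# Constructed sample responses (not captured from a real instance).
SAMPLE_VERSION = json.loads('{"version": "15.2.2-ee", "revision": "0000000"}')
SAMPLE_SETTINGS = json.loads(
    '{"import_sources": ["github", "gitlab_project", "bitbucket"],'
    ' "signup_enabled": false}'
)

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_VERSION, SAMPLE_SETTINGS), indent=2))
```

A "mitigated" verdict still means the instance is running vulnerable code; it only records that the one known entry point is switched off, so the upgrade should follow as soon as a maintenance window allows.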