GitLab EE and CE Information Disclosure Vulnerability: Risk Advisory

Published: 2020-01-14

Vulnerability ID and Severity

CVE ID: CVE-2020-6832; Severity: Critical; CVSS score: not yet rated by the vendor


Affected Versions

GitLab EE 8.9.0 and later


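Vulnerability Overview

GitLab is a self-hosted Git (version control system) project repository application from the US company GitLab, built with Ruby on Rails. It can be used to browse a project's file contents, commit history, bug lists and more.

GitLab has published a security advisory for an important version update that fixes a vulnerability which could lead to disclosure of private project information. When GitLab's project import feature is used, the vulnerability can be exploited to obtain sensitive information from private projects.

Affected users can determine whether their current installation is at risk by checking its version. The following command shows the current GitLab version: cat /opt/gitlab/embedded/service/gitlab-rails/VERSION. If the current version falls within the affected range, a security risk may exist.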
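The version check described above can be scripted as follows. This is an added example, not part of the original advisory or of GitLab's tooling. The script name `check_gitlab.sh` and the function names are hypothetical, and the fixed release numbers are not hard-coded: pass them as arguments, taken from the vendor release post listed under the reference links.

```shell
#!/bin/sh
# Added example (constructed): range check for the VERSION file named above.
VERSION_FILE=/opt/gitlab/embedded/service/gitlab-rails/VERSION
LOWER_BOUND=8.9.0   # first affected release, per the advisory

# ver_key X.Y.Z[-suffix] -> one integer that orders versions numerically,
# so 12.10.0 sorts after 12.6.4 (a plain string comparison gets this wrong).
ver_key() {
    v=${1%%[!0-9.]*}              # drop suffixes such as "-ee"
    old_ifs=$IFS; IFS=.
    set -- $v                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# gitlab_affected INSTALLED [PATCHED...]
# Returns 0 when INSTALLED is in the affected range, 1 otherwise.
# PATCHED is the list of fixed releases from the vendor announcement;
# with none given, everything from LOWER_BOUND up counts as affected.
gitlab_affected() {
    installed=$(ver_key "$1"); shift
    if [ "$installed" -lt "$(ver_key "$LOWER_BOUND")" ]; then return 1; fi
    highest=0
    for p in "$@"; do
        pk=$(ver_key "$p")
        if [ "$pk" -gt "$highest" ]; then highest=$pk; fi
        # Same major.minor branch and at or past its fixed patch level.
        if [ $((installed / 1000)) -eq $((pk / 1000)) ] &&
           [ "$installed" -ge "$pk" ]; then return 1; fi
    done
    # Newer than every fixed release listed.
    if [ "$highest" -gt 0 ] && [ "$installed" -ge "$highest" ]; then return 1; fi
    return 0
}

# Usage (hypothetical script name): sh check_gitlab.sh PATCHED_VERSION...
if [ -r "$VERSION_FILE" ]; then
    current=$(cat "$VERSION_FILE")
    if gitlab_affected "$current" "$@"; then
        echo "GitLab $current: in affected range, upgrade"
    else
        echo "GitLab $current: outside affected range"
    fi
fi
```

Run it on the GitLab host itself; on a machine without the VERSION file it prints nothing.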


Vulnerability Verification

No PoC/EXP is available at this time.


Remediation Advice

The vendor has fixed this vulnerability in the latest version, and users can protect themselves by upgrading. For GitLab download and installation steps, see: https://about.gitlab.com/update/


Reference Links


https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/