mrfito
August 29, 2022, 7:39pm
1
Hi,
We are running GitLab Community Edition 14.10.1 and because of CVE-2022-2884 , we are trying to implement the workaround
Click “Menu” → “Admin”.
Click “Settings” → “General”.
Expand the “Visibility and access controls” tab.
Under “Import sources” disable the “GitHub” option.
Click “Save changes”.
However, each time we click “Save changes”, we get a 500 error. How could we implement this workaround or troubleshoot this issue?
Thanks
Rodolfo
Can check stuff inside /var/log/gitlab/
instance. For example if you update that IMPORT setting. A successful SAVE should result a POST call in
cat /var/log/gitlab/gitlab-workhorse/current
Example
{
"content_type":"text/html; charset=utf-8",
"correlation_id":"aaaaaa",
"duration_ms":200,
"host":"myhost.com",
"level":"info",
"method":"POST",
"msg":"access",
"proto":"HTTP/1.1",
"referrer":"http://myhost.com/admin/application_settings/general",
"remote_addr":"999.0.0.1:0",
"remote_ip":"999.0.0.1",
"route":"",
"status":302,
"system":"http",
"time":"2022-08-30T14:20:20-04:00",
"ttfb_ms":200,
"uri":"/admin/application_settings/general",
"user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.11.1111.111 Safari/999.99",
"written_bytes":138
}
Maybe there’s a 500 error code somewhere.
mrfito
August 31, 2022, 12:09am
3
We looked at the logs using the gitlab-ctl tool and could see the 500 error but it was not clear what was causing it. However, we noticed that some database migrations were in incomplete state. A smarter person suggested that could be an issue and addressed it by running
gitlab-rake gitlab:background_migrations:finalize[ProjectNamespaces::BackfillProjectNamespaces,projects,id,'[null\,"up"]']gitlab-rake db:migrategitlab-ctl reconfiguregitlab-ctl restart
After that we were able to use the GUI to disable import sources. Thanks for the help.