GitLab 15.7.3 version: security vulnerabilities fixing

Hi Team,

We have deployed GitLab 15.7.3 (Chart version: 6.7.3) on our OpenShift Container Platform (4.10.45) cluster and used the Prisma tool to scan the GitLab namespace. The scan discovered some vulnerabilities in the GitLab images.

For the gitlab-org/build/cng/gitlab-exporter:11.18.2 image, we got the following CVEs:
CVE-2021-46848
CVE-2022-47629
CVE-2022-32221
CVE-2022-42916
CVE-2022-43551

For the gitlab-org/build/cng/gitlab-container-registry:v3.63.0-gitlab image, we got the following CVEs:
CVE-2022-32221
CVE-2022-42916
CVE-2022-43551
CVE-2022-2879
CVE-2022-2880
CVE-2022-41715

For the gitlab-org/build/cng/gitlab-kas:v15.7.0 image, we got the following CVEs:
CVE-2022-41716
CVE-2022-41717

For the gitlab-org/build/cng/gitlab-shell:v14.14.0 image, we got the following CVEs:
CVE-2022-32221
CVE-2022-42916
CVE-2022-43551
CVE-2022-2880
CVE-2022-41715
CVE-2022-2879

Please let us know whether the above CVEs affect GitLab. If yes, please provide a patch procedure to fix these vulnerabilities in GitLab version 15.7.3.

Hi, why not just upgrade to 15.8.1, which has a lot of the recent CVEs fixed?

I’m pretty sure they won’t fix/patch 15.7.3 - if anything they would release 15.7.4 that would address it. Either way, it would still require you to upgrade.

Thank you for your response.