Question about CVSS 9.9 bug


Regarding CVE-2022-2884

Ref: GitLab Critical Security Release: 15.3.1, 15.2.3, 15.1.5 | GitLab

I believe I read somewhere while gathering info on this that it is possible to stop the Github API service in Gitlab in order to temporarily mitigate the risk of this bug.

Can anyone confirm please?

The mitigation in the link mentions about disabling Github import. That’s how you do it.

Thanks! For transparency, the details were added to the blog post in this MR Add workaround to disable GitHub import for 15.3.1 release (!110094) · Merge requests · / www-gitlab-com · GitLab

Yes, those details were not in the blog post when I first wrote.

Thanks for helping @iwalker @dnsmichi + @stanhu too.