unique
August 23, 2022, 10:37am
1
Regarding CVE-2022-2884
Ref: GitLab Critical Security Release: 15.3.1, 15.2.3, 15.1.5 | GitLab
I believe I read somewhere while gathering info on this that it is possible to stop the GitHub API service in GitLab in order to temporarily mitigate the risk of this bug.
Can anyone confirm please?
The mitigation in the link mentions disabling GitHub import. That’s how you do it.
Log in using an administrator account to your GitLab installation and perform the following:
1. Click "Menu" -> "Admin".
2. Click "Settings" -> "General".
3. Expand the "Visibility and access controls" tab.
4. Under "Import sources" disable the "GitHub" option.
5. Click "Save changes".
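The same change can be made and verified through GitLab's application settings API. This is an added example, not part of the original reply or GitLab's advisory; it assumes an administrator personal access token with `api` scope, and the hostname used in the comments is a placeholder.

```python
import json
import urllib.request

# Constructed sample of the relevant part of GET /api/v4/application/settings.
SAMPLE_SETTINGS = {"import_sources": ["github", "bitbucket", "gitlab_project", "git"]}


def without_github(settings):
    """Return (changed, sources) with the 'github' import source removed."""
    current = settings.get("import_sources") or []
    kept = [s for s in current if s != "github"]
    return (len(kept) != len(current), kept)


def build_update(base_url, token, sources):
    """Build (but do not send) the PUT request that saves the new list."""
    body = json.dumps({"import_sources": sources}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/application/settings",
        data=body, method="PUT",
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"},
    )


def disable_github_import(base_url, token):
    """Fetch settings, drop 'github' if present, and verify the result.

    base_url is a placeholder such as https://gitlab.example.com (assumption).
    Returns True if a change was made, False if GitHub import was already off.
    """
    url = base_url.rstrip("/") + "/api/v4/application/settings"
    get = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(get) as resp:
        changed, sources = without_github(json.load(resp))
    if not changed:
        return False
    with urllib.request.urlopen(build_update(base_url, token, sources)) as resp:
        after = json.load(resp)
    # Confirm the server actually stored the change before reporting success.
    if "github" in (after.get("import_sources") or []):
        raise RuntimeError("GitHub import is still enabled")
    return True
```

Running `disable_github_import` a second time should return `False`, which doubles as a check that the setting has not been re-enabled.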
unique
August 23, 2022, 2:35pm
4
Yes, those details were not in the blog post when I first wrote.
Thanks for helping @iwalker @dnsmichi + @stanhu too.
2 Likes