Rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8.noarch found vulnerable in the security vulnerabilities scan

Problem: Package “rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8.noarch” found vulnerable in the security vulnerabilities scan

Expected outcome: Package “rubygem-gitlab-sidekiq-fetcher” updated and it is not vulnerable.

Foreman and Proxy versions: Foreman 3.2.0-1

Foreman and Proxy plugin versions: Foreman 3.2.0-1 and Katello 4.4.0-1

Distribution and version: RHEL 7.9 (Maipo)

Other relevant data:

I am unable to find an updated package.
Please help me to update the package rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8.noarch and resolve the vulnerability issue.

Adding CVEs for reference…

Gitlab: CVE-2022-0751: Inaccurate display of Snippet contents can be potentially misleading to users
Gitlab: CVE-2022-0741: Environment variables can be leaked via the sendmail delivery method

Vulnerability Proof: Vulnerable software installed: Gitlab 0.6.0

Both of the CVEs seem to affect gitlab only, not gitlab-sidekiq-fetcher. If you have gitlab installed, then you need to take this to the gitlab folks. If you don’t, then you should be safe.

Thank you, Aruzicka!

Best regards,
Balaji Sankaran