GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts
Security News, April 2022
DevOps platform GitLab has released software updates to address a critical security vulnerability that, if exploited, could allow an adversary to take over user accounts.
"A hardcoded password was set for accounts registered using an OmniAuth provider in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts," the company said in an advisory published on March 31.
GitLab, which has addressed the bug in versions 14.9.2, 14.8.5, and 14.7.7 of GitLab Community Edition and Enterprise Edition, also said it reset the passwords of an unspecified number of users out of an abundance of caution.
"Our investigation shows no indication that users or accounts have been compromised," it added.
The company has also published a script that administrators of self-managed instances can run to identify accounts potentially impacted by CVE-2022-1162.
Once the affected accounts are identified, a password reset is advised.
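As an added illustration of the triage an administrator would perform (this is not GitLab's published script, which the page does not reproduce), the following Python sketch encodes the affected version ranges quoted in the advisory and flags accounts registered through an OmniAuth provider for a forced password reset. The user-record shape, the provider names and the patch timestamp are assumptions for the example; the authoritative account list comes from GitLab's own script.

```python
"""Triage helper for CVE-2022-1162 (added example; not GitLab's published script).

Assumptions that are NOT from the advisory: user records are exported as
User objects carrying a username, the OmniAuth provider names linked to the
account, and the account creation time. Provider names are illustrative.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Affected ranges quoted in the advisory: each minor line is vulnerable on every
# patch level below its fixed release. Other minor lines are not listed as affected.
FIXED_IN = {
    (14, 7): (14, 7, 7),
    (14, 8): (14, 8, 5),
    (14, 9): (14, 9, 2),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', tolerating an edition suffix such as '14.9.1-ee'."""
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_affected(version: str) -> bool:
    """True when the running version falls inside one of the advisory's ranges."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_IN.get((major, minor))
    return fixed is not None and (major, minor, patch) < fixed


@dataclass
class User:
    username: str
    providers: List[str]      # OmniAuth providers linked to the account; [] = local
    created_at: datetime      # when the account was registered


def accounts_to_reset(users: Iterable[User], version: str,
                      patched_at: Optional[datetime] = None) -> List[str]:
    """Return usernames that should receive a forced password reset.

    Every account registered through an OmniAuth provider is flagged. When the
    time the instance was upgraded to a fixed release is known, accounts created
    after that point are skipped; otherwise all OmniAuth accounts are flagged,
    which errs toward over-resetting rather than missing an account.
    """
    if not is_affected(version):
        return []
    flagged = []
    for user in users:
        if not user.providers:
            continue
        if patched_at is not None and user.created_at >= patched_at:
            continue
        flagged.append(user.username)
    return sorted(flagged)


# Constructed sample export (not real accounts) and an assumed patch time.
SAMPLE_USERS = [
    User("alice", ["saml"], datetime(2022, 3, 10)),
    User("bob", [], datetime(2022, 3, 12)),             # local password account
    User("carol", ["github"], datetime(2022, 4, 2)),     # registered after patching
    User("dave", ["google_oauth2"], datetime(2022, 2, 1)),
]
SAMPLE_PATCHED_AT = datetime(2022, 4, 1)

if __name__ == "__main__":
    for ver in ("14.9.1-ee", "14.9.2"):
        print(ver, "affected" if is_affected(ver) else "fixed",
              accounts_to_reset(SAMPLE_USERS, ver, patched_at=SAMPLE_PATCHED_AT))
```

Run against a real export, the output is a list to feed into the instance's password-reset workflow; a local-password account such as `bob` is never flagged because the advisory scopes the issue to OmniAuth-registered accounts.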
News URL
https://thehackernews.com/2022/04/gitlab-releases-patch-for-critical.html
Related news
- GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
- VMware fixes critical vCenter RCE vulnerability, patch now
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
- Check Point warns customers to patch VPN vulnerability under active exploitation
- Exploit for critical Progress Telerik auth bypass released, patch now
- Exploit for critical Veeam auth bypass available, patch now
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
- SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
- Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2022-1162 | Use of Hard-coded Credentials vulnerability in GitLab: a hardcoded password was set for accounts registered using an OmniAuth provider (e.g. | 7.5 |