GitLab Fixes Critical Severity Flaw That Allows Attackers To Take Over Accounts

GitLab has fixed a critical severity flaw tracked as CVE-2022-1162 affecting both GitLab Community Edition (CE) and Enterprise Edition (EE).

GitLab said it reset the passwords of a limited number of users as part of the CVE-2022-1162 mitigation effort.

The vulnerability allows remote attackers to take over user accounts with strongly encrypted passwords. The flaw stems from a static password being accidentally set for accounts registered through OmniAuth in GitLab CE/EE.

GitLab recommends that users upgrade to the latest versions (14.9.2, 14.8.5, or 14.7.7) to limit attacks exploiting the vulnerability.

“We executed a reset of passwords for a selected set of users starting at 15:38 UTC. Our investigation shows no indication that users or accounts have been compromised, but we’re taking precautionary measures for our users’ security,” the GitLab team said.

GitLab explained that no user accounts have been compromised; administrators are advised to identify potentially affected user accounts and then reset their passwords.
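As an added example (not GitLab's own tooling and not code from the original story), a small Python triage helper that lists the accounts an administrator should reset after this advisory: any account whose stored digest verifies against the static password, plus every OmniAuth sign-up made while a vulnerable release was running. The static password, the vulnerable window, the user export layout and the hashing scheme (PBKDF2 standing in for GitLab's real one) are placeholders and assumptions, not values taken from the page.

```python
"""Added triage helper (not GitLab's own tooling): flag accounts that may
still carry the static password from CVE-2022-1162 so an admin can reset them."""
import hashlib
import hmac
from datetime import datetime, timezone

UTC = timezone.utc
# Assumption: period during which this instance ran a vulnerable release.
# Take it from your own deployment history; these dates are constructed.
VULN_WINDOW = (datetime(2022, 2, 1, tzinfo=UTC), datetime(2022, 3, 31, tzinfo=UTC))
# Placeholder: the real static value is in GitLab's advisory, not on this page.
STATIC_PASSWORD = "PLACEHOLDER-STATIC-PASSWORD"

def digest(password: str, salt: bytes) -> str:
    """Stand-in for GitLab's real hashing (assumed Devise/bcrypt); PBKDF2 is
    used only so the example runs with the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def has_static_password(user: dict) -> bool:
    """True if the stored digest verifies against the known static password."""
    expected = digest(STATIC_PASSWORD, user["salt"])
    return hmac.compare_digest(expected, user["password_digest"])

def accounts_to_reset(users: list) -> list:
    """Return (username, reason) pairs. A digest that matches the static value is
    flagged regardless of date; otherwise any OmniAuth sign-up inside the
    vulnerable window is flagged as a precaution."""
    flagged = []
    for u in users:
        in_window = VULN_WINDOW[0] <= u["created_at"] <= VULN_WINDOW[1]
        if has_static_password(u):
            flagged.append((u["username"], "static password confirmed"))
        elif u["provider"] is not None and in_window:
            flagged.append((u["username"], "omniauth sign-up in window"))
    return flagged

# Constructed sample of a user export; salts and passwords are made up here.
def _user(name, provider, created, password, salt):
    return {"username": name, "provider": provider, "created_at": created,
            "salt": salt, "password_digest": digest(password, salt)}

USERS = [
    _user("alice", "google_oauth2", datetime(2022, 3, 10, tzinfo=UTC), STATIC_PASSWORD, b"salt-a"),
    _user("bob", None, datetime(2022, 3, 12, tzinfo=UTC), "bobs-own-passphrase", b"salt-b"),
    _user("carol", "github", datetime(2021, 12, 1, tzinfo=UTC), STATIC_PASSWORD, b"salt-c"),
    _user("dave", "saml", datetime(2022, 3, 15, tzinfo=UTC), "user-chosen-passphrase", b"salt-d"),
]
```

The digest check catches accounts created outside the assumed window (carol), which matters when the deployment history is uncertain.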

For more information, read the original story in BleepingComputer.
