GitLab Fixes Critical Severity Flaw That Allows Attackers To Take Over Accounts


GitLab has fixed a critical severity flaw tracked as CVE-2022-1162 affecting both GitLab Community Edition (CE) and Enterprise Edition (EE).

GitLab said it reset the passwords of a limited number of users as part of the CVE-2022-1162 mitigation effort.

The vulnerability allows remote attackers to take over user accounts with strongly encrypted passwords. The flaw stems from static passwords that were accidentally set for accounts registered through an OmniAuth provider in GitLab CE/EE.

GitLab recommends that users upgrade to the latest versions (14.9.2, 14.8.5, or 14.7.7) to limit attacks exploiting the vulnerability.

“We executed a reset of passwords for a selected set of users starting at 15:38 UTC. Our investigation shows no indication that users or accounts have been compromised, but we’re taking precautionary measures for our users’ security,” the GitLab team said.

GitLab explained that no user accounts have been compromised, and advised administrators to identify potentially affected user accounts and then reset those users' passwords.

For more information, read the original story in BleepingComputer.
