Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Critical GitLab Vulnerability Lets Attackers Take Over Accounts (bleepingcomputer.com) 3

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. Bleeping Computer reports: The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw results from static passwords accidentally set during OmniAuth-based registration in GitLab CE/EE. GitLab urged users to immediately upgrade all GitLab installations to the latest versions (14.9.2, 14.8.5, or 14.7.7) to block potential attacks. GitLab also added that it reset the passwords of a limited number of GitLab.com users as part of the CVE-2022-1162 mitigation effort. It also found no evidence that any accounts have been compromised by attackers using this hardcode password security flaw.
This discussion has been archived. No new comments can be posted.

Critical GitLab Vulnerability Lets Attackers Take Over Accounts

Comments Filter:
  • Rather than expose my internal Gitlab for public projects I mirror them to Github. This works out to be the best of both worlds for me.

    VPN is for internal users.

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Working...