The Cyber Security News

GitLab Issues Security Patch for Critical Account Takeover Vulnerability

June 3, 2022

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover.

Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.

“When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) could make it possible for any owner of a Premium group to invite arbitrary users by their username and email, then change those users’ email addresses by way of SCIM to an attacker controlled email address and as a result — in the absence of 2FA — take over those accounts,” GitLab said.

Having achieved this, a malicious actor can also change the display name and username of the targeted account, the DevOps platform provider cautioned in its advisory published on June 1, 2022.

Also resolved by GitLab in versions 15.0.1, 14.10.4, and 14.9.5 are seven other security vulnerabilities, two of which are rated high, four are rated medium, and one is rated low in severity.

Users running an installation affected by the aforementioned bugs are advised to upgrade to the latest version as soon as possible.
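
The affected ranges for CVE-2022-1680 listed above, turned into a version triage check for an inventory of instances. This is an added example, not code from GitLab or from the original article; the host names and version strings in the inventory are constructed, and the check looks at the version only (the article scopes the flaw to Enterprise Edition, so the edition still has to be confirmed separately).

```python
import re

# Affected ranges for CVE-2022-1680 as stated in the article:
# (first affected version, first fixed version); start inclusive, end exclusive.
AFFECTED_RANGES = [
    ((11, 10, 0), (14, 9, 5)),
    ((14, 10, 0), (14, 10, 4)),
    ((15, 0, 0), (15, 0, 1)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Parse '14.9.4-ee', 'v15.0.0' or '14.10' into (major, minor, patch)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version_text):
    """True if the version falls inside any affected range."""
    version = parse_version(version_text)
    return any(start <= version < fixed for start, fixed in AFFECTED_RANGES)


def fixed_version_for(version_text):
    """Return the fixed release that closes the matching range, else None."""
    version = parse_version(version_text)
    for start, fixed in AFFECTED_RANGES:
        if start <= version < fixed:
            return ".".join(str(part) for part in fixed)
    return None


if __name__ == "__main__":
    # Constructed inventory for illustration; not real hosts.
    inventory = {"gitlab-a": "14.9.4-ee", "gitlab-b": "14.10.4-ee",
                 "gitlab-c": "15.0.0-ee", "gitlab-d": "11.9.12-ee"}
    for host, ver in inventory.items():
        target = fixed_version_for(ver)
        status = f"AFFECTED, upgrade to >= {target}" if target else "not in affected range"
        print(f"{host}: {ver} -> {status}")
```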

Some parts of this post are sourced from:
thehackernews.com
