The Cyber Security News

GitLab Issues Security Patch for Critical Account Takeover Vulnerability

June 3, 2022

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover.

Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.
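The three affected ranges above are half-open intervals (first affected release inclusive, first fixed release exclusive), which is easy to get wrong when checking an instance by eye. The following script is an added example, not GitLab's own tooling; it encodes the ranges exactly as the article states them and reports which instances in a constructed inventory still need the patch. The inventory hostnames and version strings are made up for illustration.

```python
"""Check whether a GitLab EE version falls inside the affected ranges
for CVE-2022-1680 as stated in the advisory summary above.

Added example; not GitLab's tooling. The ranges are taken from the article:
  11.10 <= v < 14.9.5, 14.10 <= v < 14.10.4, 15.0 <= v < 15.0.1
"""
import re

# (first affected, first fixed) pairs; each is a half-open interval.
AFFECTED_RANGES = [
    ("11.10", "14.9.5"),
    ("14.10", "14.10.4"),
    ("15.0", "15.0.1"),
]


def parse_version(v):
    """Turn '14.9.5' or '15.0.1-ee' into a comparable (major, minor, patch) tuple.

    Missing minor/patch components are treated as 0, so '15.0' == (15, 0, 0).
    Suffixes such as '-ee' are ignored.
    """
    m = re.match(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def fixed_version_for(version):
    """Return the first patched release for the range `version` falls in, or None."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v < parse_version(hi):
            return hi
    return None


def is_affected(version):
    """True if `version` lies inside any of the affected ranges."""
    return fixed_version_for(version) is not None


def check_fleet(versions):
    """Given {instance_name: version}, return the sorted names still needing the patch."""
    return sorted(name for name, ver in versions.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    fleet = {
        "gitlab-prod": "14.10.2-ee",
        "gitlab-dev": "15.0.1-ee",
        "gitlab-legacy": "13.12.15-ee",
        "gitlab-old": "11.9.0-ee",
    }
    for name in check_fleet(fleet):
        print(f"{name}: {fleet[name]} is affected; upgrade to >= {fixed_version_for(fleet[name])}")
```

Note that the ranges apply to Enterprise Edition as the article states; the script assumes every version it is handed is an EE build and does not inspect the edition suffix. A release later than the fixed version on the same branch (for example 14.9.6) correctly falls outside the 11.10 range and is not flagged.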


“When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus — in the absence of 2FA — take over those accounts,” GitLab said.

Having achieved this, a malicious actor can also change the display name and username of the targeted account, the DevOps platform provider cautioned in its advisory published on June 1, 2022.


Also resolved by GitLab in versions 15.0.1, 14.10.4, and 14.9.5 are seven other security vulnerabilities, two of which are rated high, four are rated medium, and one is rated low in severity.

Users running an installation affected by the aforementioned bugs are advised to upgrade to the latest version as soon as possible.



Some parts of this post are sourced from:
thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.