
GitLab Issues Security Patch for Critical Account Takeover Vulnerability

June 3, 2022

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover.

Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15. before 15..1.


“When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus — in the absence of 2FA — take over those accounts,” GitLab said.

Having achieved this, a malicious actor can also change the display name and username of the targeted account, the DevOps platform provider cautioned in its advisory published on June 1, 2022.
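The condition GitLab describes, an email address changed through SCIM on an account that has no 2FA, is something a defender can look for in provisioning records. The sketch below is an added example, not GitLab's code or part of the original article; the event fields, `TRUSTED_DOMAINS` and all sample data are constructed assumptions, and only the request body follows the SCIM 2.0 PatchOp shape from RFC 7644.

```python
import json

TRUSTED_DOMAINS = {"corp.example"}  # assumption: the organisation's own mail domains

def new_emails(patch_body):
    """Return the e-mail addresses that a SCIM PatchOp body would set."""
    found = []
    for op in json.loads(patch_body).get("Operations", []):
        if str(op.get("op", "")).lower() not in ("add", "replace"):
            continue
        path, value = str(op.get("path", "")).lower(), op.get("value")
        if path.startswith("emails"):
            # Path form: value is the address itself or a list of email objects.
            items = value if isinstance(value, list) else [{"value": value}]
        elif not path and isinstance(value, dict):
            # Path-less form: value is a partial user resource.
            items = value.get("emails", [])
        else:
            continue
        found += [i["value"] for i in items
                  if isinstance(i, dict) and isinstance(i.get("value"), str)]
    return found

def review(event):
    """'ok', 'review' (external domain) or 'alert' (external domain and no 2FA)."""
    external = [e for e in new_emails(event["body"])
                if e.rsplit("@", 1)[-1].lower() not in TRUSTED_DOMAINS]
    if not external:
        return "ok"
    return "review" if event["two_factor"] else "alert"

def _patch(*ops):
    # Helper that builds a constructed PatchOp request body.
    return json.dumps({"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
                       "Operations": list(ops)})

# Constructed sample events; the "user" and "two_factor" fields are hypothetical.
SAMPLE_EVENTS = [
    {"user": "alice", "two_factor": False,
     "body": _patch({"op": "Replace", "path": 'emails[type eq "work"].value',
                     "value": "alice@mail.invalid"})},
    {"user": "bob", "two_factor": True,
     "body": _patch({"op": "replace",
                     "value": {"emails": [{"type": "work", "value": "bob@mail.invalid"}]}})},
    {"user": "carol", "two_factor": False,
     "body": _patch({"op": "replace", "path": "emails",
                     "value": [{"value": "carol@corp.example"}]})},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["user"], review(ev))
```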


Also resolved by GitLab in versions 15..1, 14.10.4, and 14.9.5 are seven other security vulnerabilities, two of which are rated high, four are rated medium, and one is rated very low in severity.

Users running an installation affected by the aforementioned bugs are advised to upgrade to the latest version as soon as possible.



Some parts of this post are sourced from:
thehackernews.com
