GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts

April 2, 2022

DevOps platform GitLab has released software updates to address a critical security vulnerability that, if exploited, could allow an adversary to seize control of accounts.

Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been found internally by the GitLab team.

“A hardcoded password was set for accounts registered utilizing an OmniAuth service provider (e.g., OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to most likely take over accounts,” the company said in an advisory published on March 31.

GitLab, which has resolved the bug with the latest release of versions 14.9.2, 14.8.5, and 14.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE), also said it took the step of resetting the passwords of an unspecified number of users out of an abundance of caution.

“Our investigation exhibits no indicator that consumers or accounts have been compromised,” it added.

The company has also released a script that administrators of self-managed instances can run to single out accounts potentially impacted by CVE-2022-1162. Once the impacted accounts are identified, a password reset is advised.

Also resolved by GitLab as part of the security update are two high-severity stored cross-site scripting (XSS) bugs (CVE-2022-1175 and CVE-2022-1190), as well as nine medium-severity flaws and five issues that are rated low in severity.

In light of the criticality of some of the issues, users running affected installations are strongly recommended to upgrade to the latest version as soon as possible.
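
For triaging an inventory of self-managed instances against the version ranges in the advisory quoted above, the following is an added example, not GitLab's script and not code from the original article. The function names and the sample inventory are hypothetical, and treating a pre-release build of a fixed version as still affected is a conservative assumption.

```python
import re

# Affected branch -> first fixed release, as listed in the advisory quoted above.
FIXED = {(14, 7): (14, 7, 7), (14, 8): (14, 8, 5), (14, 9): (14, 9, 2)}

# Accepts forms such as "14.8.2", "v14.8.2-ee", "14.9.2-rc42-ee", "14.9.0-pre".
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)((?:[-+~.][0-9A-Za-z]+)*)$")
_PRERELEASE = re.compile(r"(?:^|[-+~.])(?:rc\d*|pre)(?:$|[-+~.])", re.I)


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a GitLab version string."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.groups()[:3])
    return numbers, bool(_PRERELEASE.search(match.group(4)))


def cve_2022_1162_status(text):
    """Classify a version as 'affected', 'patched' or 'not-listed'.

    Returns (status, fixed_release_or_None). 'not-listed' means the branch is
    outside the 14.7-14.9 ranges the advisory names; it is not a statement
    that the build is safe.
    """
    numbers, prerelease = parse_version(text)
    fixed = FIXED.get(numbers[:2])
    if fixed is None:
        return "not-listed", None
    fixed_text = ".".join(map(str, fixed))
    # Assumption: a pre-release of the fixed version (e.g. 14.9.2-rc1) is
    # treated as sorting before it, so it is reported as affected.
    if numbers < fixed or (numbers == fixed and prerelease):
        return "affected", fixed_text
    return "patched", fixed_text


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {"git-a": "14.7.6-ee", "git-b": "14.8.5",
                 "git-c": "14.9.2-rc1-ee", "git-d": "13.12.15"}
    for host, version in inventory.items():
        print(host, version, *cve_2022_1162_status(version))
```

A "patched" result covers only the installed version: accounts registered through an OmniAuth provider while an affected release was running still need the identification and password reset described above.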

Some parts of this post are sourced from:
thehackernews.com
