GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts

April 2, 2022

DevOps platform GitLab has released software updates to address a critical security vulnerability that, if exploited, could allow an adversary to take over user accounts.

Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team.


“A hardcoded password was set for accounts registered using an OmniAuth provider (e.g., OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts,” the company said in an advisory published on March 31.

GitLab, which has addressed the bug with the latest releases, versions 14.9.2, 14.8.5, and 14.7.7, for GitLab Community Edition (CE) and Enterprise Edition (EE), also said it took the step of resetting the passwords of an unspecified number of users out of an abundance of caution.


“Our investigation shows no indication that users or accounts have been compromised,” it added.


The company has also released a script that administrators of self-managed instances can run to identify accounts potentially affected by CVE-2022-1162. Once the affected accounts have been identified, a password reset is recommended.
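GitLab's own identification script is not reproduced in this article. The following Ruby example is an added illustration, not GitLab code, of the two pieces of triage logic the advisory implies: deciding whether a running version falls inside the affected ranges quoted above (14.7 before 14.7.7, 14.8 before 14.8.5, 14.9 before 14.9.2), and flagging accounts that were provisioned through an external OmniAuth provider while an affected version was installed. The upgrade history, user records and field names (`provider`, `created_at`) are constructed assumptions; a real instance would source these from its own database and deployment records.

```ruby
require 'rubygems' # provides Gem::Version (loaded by default in modern Ruby)
require 'time'

# First fixed patch release for each affected minor series, taken from the advisory text.
FIXED_RELEASES = {
  "14.7" => "14.7.7",
  "14.8" => "14.8.5",
  "14.9" => "14.9.2",
}.freeze

# True when the given GitLab version string lies in an affected range.
# Series not listed in the advisory (e.g. 14.6, 14.10) are treated as unaffected.
def affected_version?(version)
  v = Gem::Version.new(version)
  series = v.segments[0, 2].join(".")
  fixed = FIXED_RELEASES[series]
  return false if fixed.nil?
  v < Gem::Version.new(fixed)
end

# Constructed upgrade history for a hypothetical self-managed instance.
UPGRADE_HISTORY = [
  { version: "14.6.3", installed_at: Time.utc(2022, 1, 10) },
  { version: "14.8.2", installed_at: Time.utc(2022, 3, 1) },
  { version: "14.8.5", installed_at: Time.utc(2022, 3, 31) },
].freeze

# Which version was running at a point in time: the most recent install not after that time.
def version_running_at(history, time)
  entry = history.select { |h| h[:installed_at] <= time }.max_by { |h| h[:installed_at] }
  entry && entry[:version]
end

# Accounts in scope: created via an OmniAuth provider (provider present) while an
# affected version was running. Local sign-ups (provider nil) are out of scope.
def possibly_affected_accounts(users, history)
  users.select do |u|
    next false if u[:provider].nil?
    running = version_running_at(history, u[:created_at])
    running && affected_version?(running)
  end
end

# Constructed sample records; field names are assumptions for this example.
SAMPLE_USERS = [
  { username: "alice", provider: "saml",          created_at: Time.utc(2022, 2, 15) }, # on 14.6.3: not affected
  { username: "bob",   provider: "ldapmain",      created_at: Time.utc(2022, 3, 10) }, # on 14.8.2: affected
  { username: "carol", provider: nil,             created_at: Time.utc(2022, 3, 12) }, # local sign-up: out of scope
  { username: "dave",  provider: "google_oauth2", created_at: Time.utc(2022, 4, 2)  }, # on 14.8.5: fixed
].freeze

if __FILE__ == $0
  possibly_affected_accounts(SAMPLE_USERS, UPGRADE_HISTORY).each do |u|
    puts "password reset recommended: #{u[:username]} (provider: #{u[:provider]})"
  end
end
```

Because a hardcoded credential is a property of how the account was created rather than of any later behaviour, the creation time and the version running at that moment are the deciding inputs; an instance that was already on a fixed release when an OmniAuth account was created has nothing to reset for that account.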

Also addressed by GitLab as part of the security update are two high-severity stored cross-site scripting (XSS) bugs (CVE-2022-1175 and CVE-2022-1190) as well as nine medium-severity flaws and five issues rated low in severity.

In light of the criticality of some of the issues, users running affected installations are strongly recommended to upgrade to the latest version as soon as possible.



Some parts of this post are sourced from:
thehackernews.com
