Source |
Security Affairs |
Identifier |
4384181 |
Publication date |
2022-04-02 10:00:39 (seen: 2022-04-02 10:05:12) |
Title |
Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts |
Text |
GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the setting of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […]
|
Sent |
Yes |
Tags |
Vulnerability
Threat
|