April 1, 2022 11:00 pm
Original Link: https://it.slashdot.org/story/22/04/01/2020202/critical-gitlab-vulnerability-lets-attackers-take-over-accounts?utm_source=rss1.0mainlinkanon&utm_mediu
Critical GitLab Vulnerability Lets Attackers Take Over Accounts
GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. Bleeping Computer reports: The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw results from static passwords accidentally set during OmniAuth-based registration in GitLab CE/EE. GitLab urged users to immediately upgrade all GitLab installations to the latest versions (14.9.2, 14.8.5, or 14.7.7) to block potential attacks. GitLab also added that it reset the passwords of a limited number of GitLab.com users as part of the CVE-2022-1162 mitigation effort. It also found no evidence that any accounts have been compromised by attackers using this hardcoded password security flaw.
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc.