|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-04-13 | |
| Rule Name: | Gitlab OAuth Hard Coeded Password Vulnerability (CVE-2022-1162) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json https://gitlab.com/gitlab-org/gitlab/-/issues/357210 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: http://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ |