GitLab patches critical vulnerability that allows hackers to take control of accounts
This vulnerability was discovered by GitLab employees themselves and is tracked under the code CVE-2022-1162. It affects both GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE-2022-1162 comes from an inadvertently set static password during OmniAuth-based registration in GitLab CE/EE.
"Hard-coded passwords were set for accounts registered with OmniAuth providers (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5 and 14.9 prior to 14.9.2, allowing hackers to take control of the account," the GitLab team shared.
GitLab urges users to immediately upgrade all GitLab installations to the latest version (14.9.2, 14.8.5 or 14.7.7) to prevent the risk of being hacked.
As part of its effort to mitigate the damage of CVE-2022-1162, GitLab said it has reset the passwords of some GitLab.com users. In addition, a recently submitted commit shows that GitLab removed the file "lib/gitlab/password.rb", which defined the weak hard-coded password in the constant "TEST_DEFAULT".
GitLab says it has seen no evidence of user accounts being compromised by hackers exploiting this vulnerability. Even so, GitLab has created a script that administrators can use to identify user accounts potentially affected by CVE-2022-1162. Details about the vulnerability and how to download the script are published by GitLab.
Once a potentially affected user account is identified, an administrator should reset the user's password.
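To illustrate the class of defect described above, the following Ruby sketch (added here; it is not GitLab's code or its official script) contrasts OmniAuth-style account creation that falls back to a static password with one that assigns a random per-account secret, and shows how an administrator might flag accounts whose stored hash still verifies against the known default. The placeholder password value, the PBKDF2 hashing and the `User` struct are constructed for illustration; GitLab's real implementation (Devise with bcrypt) differs.

```ruby
require 'openssl'
require 'securerandom'

# Constructed stand-in for the hard-coded value; the real one is deliberately not reproduced.
TEST_DEFAULT = 'placeholder-static-password'.freeze

User = Struct.new(:username, :provider, :salt, :password_hash)

# Illustrative password hashing (PBKDF2-HMAC-SHA256); GitLab itself uses bcrypt via Devise.
def hash_password(password, salt)
  digest = OpenSSL::Digest.new('SHA256')
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, digest).unpack1('H*')
end

# Constant-time comparison of two hex digests (avoids leaking mismatch position via timing).
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable pattern: every OmniAuth-registered account receives the same static password,
# so anyone who learns it can log in with the plain username/password form.
def create_omniauth_user_vulnerable(username, provider)
  salt = SecureRandom.hex(8)
  User.new(username, provider, salt, hash_password(TEST_DEFAULT, salt))
end

# Hardened pattern: an unguessable random secret per account; the account is usable only
# through the identity provider until the user deliberately sets a password.
def create_omniauth_user_fixed(username, provider)
  salt = SecureRandom.hex(8)
  User.new(username, provider, salt, hash_password(SecureRandom.base64(32), salt))
end

# Admin-side check: does this account's stored hash verify against the known default?
def default_password_set?(user)
  secure_equal?(hash_password(TEST_DEFAULT, user.salt), user.password_hash)
end

# Select OmniAuth-linked accounts (provider present) that still carry the static password.
def affected_accounts(users)
  users.select { |u| u.provider && default_password_set?(u) }.map(&:username)
end

if __FILE__ == $PROGRAM_NAME
  users = [
    create_omniauth_user_vulnerable('alice', 'saml'),
    create_omniauth_user_fixed('bob', 'ldap'),
    User.new('carol', nil, 'abcd', hash_password('her-own-password', 'abcd'))
  ]
  puts "Accounts needing a forced password reset: #{affected_accounts(users).join(', ')}"
end
```

Accounts returned by `affected_accounts` are the ones an administrator should force through a password reset, which is the remediation step the advisory describes.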
More than 100,000 organizations use GitLab's DevOps platform, and an estimated 30 million users from 66 countries are registered with the platform.