As Bleeping Computer reports, a vulnerability has been discovered in GitLab that could allow a remote attacker to take control of user accounts because of a password hard-coded in the application's source. Hard-coding credentials is a widely criticized security practice, yet it is far from rare to find passwords granting full access embedded in an application's code.
The vulnerability, tracked as CVE-2022-1162, affects both GitLab Community Edition and Enterprise Edition, so all GitLab users need to be aware of it and update as soon as possible, since updating is the only real solution to the problem. The hard-coded password affected accounts registered through an OmniAuth provider such as OAuth, LDAP, or SAML.
GitLab has urged users to update to versions 14.9.2, 14.8.5, or 14.7.7, the three releases in which the bug is fixed, and although GitLab does not seem to offer complete peace of mind, it has indicated that no activity related to the Okta hack has been detected.
GitLab has also provided a script that allows system administrators to identify accounts that may have been affected, so they can urge their owners to change their password.
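To make the class of bug and the audit concrete, here is an added Ruby example that is not GitLab's code and not the script GitLab published. It shows a hypothetical OmniAuth registration routine that assigns the same hard-coded password to every account (the vulnerable pattern), the corrected routine that assigns a random per-account password, and an audit function that flags any stored account whose password still verifies against the hard-coded value. The `User` struct, the `HARDCODED_PASSWORD` constant and the PBKDF2 hashing are all assumptions for illustration; GitLab's real model, hashing scheme and removed password are not reproduced here.

```ruby
require 'securerandom'
require 'openssl'

# Constructed stand-in for a user record; not GitLab's User model.
User = Struct.new(:username, :provider, :salt, :digest)

# Hypothetical hard-coded password standing in for the one removed in the fixed releases.
HARDCODED_PASSWORD = 'example-hardcoded-secret'

# Salted PBKDF2-HMAC-SHA256, returned as a hex string (stand-in for the app's real hashing).
def hash_password(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000,
                           length: 32, hash: 'sha256').unpack1('H*')
end

# Constant-time string comparison so the audit does not leak digest bytes through timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable pattern: every account created via an OmniAuth provider gets the same
# password, so anyone who reads the source can log in as any such user.
def register_omniauth_user_vulnerable(username, provider)
  salt = SecureRandom.hex(16)
  User.new(username, provider, salt, hash_password(HARDCODED_PASSWORD, salt))
end

# Fixed pattern: a random, unguessable password per account. The value is never
# shown to anyone; the user authenticates through the provider, not with it.
def register_omniauth_user_fixed(username, provider)
  salt = SecureRandom.hex(16)
  User.new(username, provider, salt, hash_password(SecureRandom.hex(32), salt))
end

# True if the candidate password verifies against the stored salt and digest.
def password_matches?(user, candidate)
  secure_equal?(hash_password(candidate, user.salt), user.digest)
end

# Audit: usernames of accounts that still authenticate with the known weak password.
# These are the accounts whose owners must be told to change (or have reset) their password.
def affected_accounts(users)
  users.select { |u| password_matches?(u, HARDCODED_PASSWORD) }.map(&:username)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: one account created by the vulnerable code path, one by the fix.
  users = [
    register_omniauth_user_vulnerable('alice', 'saml'),
    register_omniauth_user_fixed('bob', 'ldap')
  ]
  puts "Accounts still using the hard-coded password: #{affected_accounts(users).inspect}"
end
```

The audit works by re-hashing the known hard-coded value with each account's salt and comparing digests, which is the only way to find such accounts when passwords are stored hashed rather than in the clear; an account created by the fixed path never matches because its password was drawn from `SecureRandom`.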
Avid technology and electronics enthusiast. I’ve been messing around with computer components almost since I could walk. I started working at Geeknetic after winning a contest on their forum about writing hardware articles. Drift, mechanics and photography lover. Feel free to leave a comment on my articles if you have any questions.