GitLab addressed critical account takeover via SCIM email change

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts.

GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account.

The vulnerability impacts all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.
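As an added example (not code from GitLab or from the article), the check below turns the three affected ranges stated above into a function that tells an administrator whether a given GitLab EE version string is inside one of them and which release first fixes it; the version strings used in the comments are constructed inputs.

```python
# Decide whether a GitLab EE version falls inside the CVE-2022-1680 ranges.
from typing import Optional, Tuple

# (first affected version, first fixed version); the fixed version is excluded.
# Values come from the affected-range statement in the advisory.
AFFECTED_RANGES = [
    ((11, 10, 0), (14, 9, 5)),
    ((14, 10, 0), (14, 10, 4)),
    ((15, 0, 0), (15, 0, 1)),
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '14.9.4-ee' or '14.10' into a comparable (major, minor, patch) tuple."""
    core = version.strip().split("-")[0]  # drop edition suffixes such as '-ee'
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))  # pad '14.10' -> 14.10.0
    return nums[0], nums[1], nums[2]


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release for an affected version, or None if not affected."""
    v = parse_version(version)
    for low, fixed in AFFECTED_RANGES:
        if low <= v < fixed:
            return ".".join(str(n) for n in fixed)
    return None


def is_affected(version: str) -> bool:
    """True when the version lies in one of the vulnerable ranges."""
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inputs an administrator might read from their instance.
    for sample in ("14.9.4-ee", "14.9.5", "14.10.3-ee", "15.0.0", "15.0.1", "11.9.0"):
        target = fixed_version_for(sample)
        status = f"affected, upgrade to {target} or later" if target else "not in an affected range"
        print(f"{sample:>11}: {status}")
```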

“When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus – in the absence of 2FA – take over those accounts,” reads the advisory published by GitLab. “It is also possible for the attacker to change the display name and username of the targeted account.”

This CVE-2022-1680 flaw was discovered by a member of the GitLab team.

The company also addressed seven other flaws; the complete list is reported in the following table:

Title                                                    Severity
-------------------------------------------------------  --------
Account takeover via SCIM email change                   critical
Stored XSS in Jira integration                           high
Quick action commands susceptible to XSS                 high
IP allowlist bypass when using Trigger tokens            medium
IP allowlist bypass when using Project Deploy Tokens     medium
Improper authorization in the Interactive Web Terminal   medium
Subgroup member can list members of parent group         medium
Group member lock bypass                                 low

The company urges users to upgrade to the latest version as soon as possible.


Pierluigi Paganini

(SecurityAffairs – hacking, GitLab)
