GitLab Community Edition default account | CVE-2022-1162
NAME
GitLab Community Edition default account
- Platforms Affected:
GitLab GitLab 14.7.6 Community
GitLab GitLab 14.7.6 Enterprise
GitLab GitLab 14.8.4 Community
GitLab GitLab 14.8.4 Enterprise
GitLab GitLab 14.9.1 Community
GitLab GitLab 14.9.1 Enterprise
GitLab GitLab 14.7 Community
GitLab GitLab 14.7 Enterprise
GitLab GitLab 14.8 Community
GitLab GitLab 14.8 Enterprise
GitLab GitLab 14.9 Community
GitLab GitLab 14.9 Enterprise
- Risk Level:
9.1
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
GitLab Community Edition and GitLab Enterprise Edition contain a hardcoded password for accounts registered using an OmniAuth provider. An attacker could exploit this vulnerability to take over accounts.
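As an added illustration of the bug class described above (a constructed example, not GitLab's code): when every account registered through an OmniAuth provider receives the same fixed password, anyone who knows that constant can sign in to any of those accounts, whereas a per-account random password that is never disclosed closes that path. The password constant, the user struct and the helper names are placeholders.

```ruby
require "securerandom"
require "openssl"

# Constructed stand-in for whatever constant the affected releases used.
HARDCODED_OMNIAUTH_PASSWORD = "PLACEHOLDER-hardcoded-password".freeze

# Minimal user record: just enough to show password-based sign-in.
User = Struct.new(:username, :provider, :salt, :password_digest)

def digest(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000,
                           length: 32, hash: "sha256")
end

# Vulnerable pattern: every account created via an OmniAuth provider gets the
# same fixed password, so one known constant unlocks all such accounts.
def create_omniauth_user_vulnerable(username, provider)
  salt = SecureRandom.random_bytes(16)
  User.new(username, provider, salt, digest(HARDCODED_OMNIAUTH_PASSWORD, salt))
end

# Hardened pattern: each OmniAuth account receives a long random password that
# is discarded after hashing; sign-in is expected to go through the provider.
def create_omniauth_user_fixed(username, provider)
  salt = SecureRandom.random_bytes(16)
  random_password = SecureRandom.urlsafe_base64(32)
  User.new(username, provider, salt, digest(random_password, salt))
end

# Byte-wise comparison that does not short-circuit on the first mismatch.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The local password sign-in path that a known constant would pass through.
def password_login?(user, password)
  constant_time_equal?(digest(password, user.salt), user.password_digest)
end
```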
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of GitLab Community Edition (14.9.2, 14.8.5, 14.7.7, or later) or GitLab Enterprise Edition (14.9.2, 14.8.5, 14.7.7, or later), available from the GitLab Web site. See References.
- Reference Link:
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1162