Gitlab releases patch for critical vulnerability that could let attackers hijack accounts – My Genius Insider
Tuesday, January 24, 2023
Gitlab releases patch for critical vulnerability that could let attackers hijack accounts

by Cpho masinger
10 months ago
in News

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.

The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE).

This flaw results from static passwords accidentally set during OmniAuth-based registration in GitLab CE/EE.

“A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts,” the GitLab team explained in a security advisory published on Thursday.


GitLab urged users to immediately upgrade all GitLab installations to the latest versions (14.9.2, 14.8.5, or 14.7.7) to block potential attacks.

“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” they said.
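The version ranges quoted from the advisory can be turned into an inventory check. The following Ruby sketch is an added example, not GitLab's code; the hostnames and versions in `INVENTORY` are constructed, and it generalizes the three ranges to a per-branch lookup.

```ruby
# Added example: triage GitLab versions against the CVE-2022-1162 ranges.
# First fixed patch release per affected branch, as quoted from the advisory.
FIXED_PATCH = { [14, 7] => 7, [14, 8] => 5, [14, 9] => 2 }.freeze

# Parse "14.8.2", "v14.8.2" or "14.8.2-ee" into [major, minor, patch].
# The suffix is dropped on purpose: Gem::Version would read "-ee" as a
# prerelease and sort 14.8.5-ee below 14.8.5, flagging a fixed build.
def parse_gitlab_version(str)
  m = str.to_s.strip.match(/\Av?(\d+)\.(\d+)\.(\d+)/)
  m && m.captures.map(&:to_i)
end

# :affected, :not_affected (outside the quoted ranges or already fixed),
# or :unknown (unparseable version string, needs a manual look).
def cve_2022_1162_status(version_string)
  parts = parse_gitlab_version(version_string)
  return :unknown unless parts
  fixed = FIXED_PATCH[parts[0, 2]]
  return :not_affected if fixed.nil? || parts[2] >= fixed
  :affected
end

# Fixed release on the same branch, or nil when no upgrade is implied.
def upgrade_target(version_string)
  return nil unless cve_2022_1162_status(version_string) == :affected
  major, minor, = parse_gitlab_version(version_string)
  "#{major}.#{minor}.#{FIXED_PATCH[[major, minor]]}"
end

# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = {
  'gitlab-a.example.internal' => '14.7.6-ee',
  'gitlab-b.example.internal' => '14.8.5',
  'gitlab-c.example.internal' => '14.9.0-ee',
  'gitlab-d.example.internal' => 'unknown'
}.freeze

def triage(inventory)
  inventory.map do |host, version|
    { host: host, version: version,
      status: cve_2022_1162_status(version), upgrade_to: upgrade_target(version) }
  end
end

triage(INVENTORY).each do |r|
  puts format('%-28s %-10s %-13s %s', r[:host], r[:version], r[:status], r[:upgrade_to] || '-')
end
```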

A code commit submitted two days ago shows that GitLab deleted the ‘lib/gitlab/password.rb’ file, which was used to assign a weak hardcoded password to the ‘TEST_DEFAULT’ constant.
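To show why a shared default is dangerous for SSO-provisioned accounts, here is a toy model of the flawed pattern next to a hardened one. It is an added illustration, not GitLab's code: `ToyUserStore`, its methods and `STATIC_DEFAULT` are hypothetical, and the constant is a placeholder rather than the real value.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for a shared default; NOT the value from GitLab's code.
STATIC_DEFAULT = 'placeholder-static-password'

# Toy credential store (hypothetical, not GitLab's user model).
class ToyUserStore
  def initialize
    @users = {}
  end

  # Flawed pattern: every SSO-provisioned account gets the same local password.
  def register_sso_static(username)
    store(username, STATIC_DEFAULT)
  end

  # Hardened pattern: per-account random password that is never disclosed.
  def register_sso_random(username)
    store(username, SecureRandom.hex(32))
  end

  def password_login?(username, password)
    rec = @users[username]
    return false unless rec
    secure_equal?(derive(password, rec[:salt]), rec[:digest])
  end

  # Audit helper: accounts whose local password is still the shared default.
  def accounts_needing_reset
    @users.keys.select { |u| password_login?(u, STATIC_DEFAULT) }
  end

  private

  def store(username, password)
    salt = SecureRandom.random_bytes(16)
    @users[username] = { salt: salt, digest: derive(password, salt) }
    username
  end

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Constant-time comparison of two equal-length digests.
  def secure_equal?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end
```

In this model, any account created through `register_sso_static` accepts the shared value at the password prompt, while accounts created through `register_sso_random` do not and never appear in `accounts_needing_reset`.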

GitLab also added that it reset the passwords of a limited number of GitLab.com users as part of the CVE-2022-1162 mitigation effort.


It also found no evidence that any accounts have been compromised by attackers using this hardcoded password security flaw.

“We executed a reset of GitLab.com passwords for a selected set of users as of 15:38 UTC,” the GitLab team said.

“Our investigation shows no indication that users or accounts have been compromised but we’re taking precautionary measures for our users’ security.”

When asked to share the number of GitLab.com users who had their passwords reset, a GitLab spokesperson shared the info already available in the advisory, telling BleepingComputer that they only did it for “a selected set of users.”
