GitLab, in a security advisory published today, disclosed a critical vulnerability present in both Community Edition (CE) and Enterprise Edition (EE), through which attackers can remotely take over user accounts.
The flaw concerns a hardcoded password that was set for accounts registered through OmniAuth providers. Because such accounts could be accessed by anyone who knew the static password, GitLab issued a patch and urged users to update their installations immediately. As a precautionary measure, it also reset the credentials of a selected set of users.
Password Vulnerability in GitLab Suite
Hardcoded passwords, meaning secrets embedded directly into source code rather than generated or stored securely, are a well-known weakness: once the code is read, the secret is exposed. Platform makers should therefore audit for such instances and fix them, and GitLab has just done so.
In a security advisory published today, GitLab said a critical vulnerability tracked as CVE-2022-1162 affects GitLab Community Edition (CE) and Enterprise Edition (EE), versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.
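To illustrate the class of bug described in the advisory, here is an added Ruby example that is not GitLab's own code. It contrasts a vulnerable pattern, in which every account created through an external identity provider receives the same constant password, with a hardened pattern that assigns each such account a random secret, and it includes a defender's check for accounts that share a password. The constant value, the account structure and the function names are constructed for the example; the real hardcoded value is not on the page and is not reproduced here.

```ruby
require 'securerandom'

# Constructed placeholder: stands in for a secret embedded in source code.
# Anyone who reads the code (or finds the value elsewhere) can log in to
# every account created with it.
HARDCODED_PASSWORD = 'example-static-password'

# Vulnerable pattern: accounts created for provider logins (e.g. OmniAuth)
# all receive the same constant password.
def build_account_hardcoded(email)
  { email: email, password: HARDCODED_PASSWORD }
end

# Hardened pattern: the account never needs a human-known password because
# it authenticates through the provider, so give it a fresh random secret.
def build_account_random(email, bytes: 32)
  { email: email, password: SecureRandom.hex(bytes) }
end

# Remediation step mirroring a credential reset: replace whatever password
# the account currently has with a new random one.
def reset_password!(account, bytes: 32)
  account[:password] = SecureRandom.hex(bytes)
  account
end

# Defender's check: return accounts whose password is shared with at least
# one other account. Provider-created accounts sharing a password is a
# strong signal of a hardcoded value.
def shared_password_accounts(accounts)
  accounts.group_by { |a| a[:password] }
          .select { |_, group| group.size > 1 }
          .values
          .flatten
end

if __FILE__ == $PROGRAM_NAME
  accounts = [
    build_account_hardcoded('alice@example.com'),
    build_account_hardcoded('bob@example.com'),
    build_account_random('carol@example.com')
  ]
  flagged = shared_password_accounts(accounts)
  puts "accounts sharing a password: #{flagged.map { |a| a[:email] }.join(', ')}"
  flagged.each { |a| reset_password!(a) }
  puts "after reset: #{shared_password_accounts(accounts).size} shared"
end
```

Run with plain `ruby`; the check operates on plaintext fields only because the example is self-contained, whereas a real audit would compare stored password digests or simply reset every provider-created account, as the advisory describes.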
At this time, no malicious activity or compromise has been identified on https://t.co/C4mACZpLWf related to the potential Okta breach. We continue to monitor and investigate, and strongly recommend enabling MFA. You can see our response here: https://t.co/nlO7QcGq34 — GitLab (@gitlab) March 22, 2022