Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts

Security Affairs

GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […]

The post Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts appeared first on Security Affairs.