GitLab Archives - Cyber Security Minute

5379 GitLab servers vulnerable to zero-click account takeover attacks

Issued by: Security Affairs

GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction. “An issue has been discovered in GitLab CE/EE…

Vulnerabilities

GitLab Patches Critical Account Takeover Vulnerability

Issued by: Security Week

According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. The critical-severity bug, which is tracked as CVE-2022-1162 (CVSS score of 9.1), could allow attackers to take over accounts. In addition…

Malware & Threats

Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205

Issued by: Help Net Security

Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue. What are the attackers doing with these servers? Damian Menscher, a security…