Account take over vulnerability in Gitlab-ce and Gitlab-ee - CVE-2022-1162 (rpm)
ID: oval:org.secpod.oval:def:78572 | Date: (C)2022-04-05 (M)2023-08-03
Class: VULNERABILITY | Family: unix
The host has GitLab CE/EE 14.7.x prior to 14.7.7, 14.8.x prior to 14.8.5, or 14.9.x prior to 14.9.2 installed and is prone to an account takeover vulnerability. The flaw is a hardcoded password that is set for accounts registered using an OmniAuth provider. Successful exploitation potentially allows attackers to take over accounts.
Product: gitlab-ce | gitlab-ee