Vendor: Gitlab CE/EE
By: Greenwolf
CVSS Score: 9.8 (CRITICAL)
Vulnerability Type: Authentication Bypass
CWE: 287
Product Name: Gitlab CE/EE
Affected Version From: 14.7
Affected Version To: 14.9.2002
Patch Exists: YES
Related CVE: CVE-2022-1162
CPE: a:gitlab:gitlab_ce
Tags: cve,cve2022,gitlab,packetstorm
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nuclei References:
https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester, https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1162, http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html, https://nvd.nist.gov/vuln/detail/cve-2022-1162
Nuclei Metadata: {'max-request': 1, 'shodan-query': 'http.title:"GitLab"', 'vendor': 'gitlab', 'product': 'gitlab'}
Platforms Tested: Linux
Year: 2022
Gitlab 14.9 – Authentication Bypass
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2, allowing attackers to potentially take over accounts. New GitLab accounts registered through an OmniAuth provider on an affected version (created on or after the first affected version and before the patched release) can be logged into with the following password: 123qweQWE!@#000000000
Mitigation:
Upgrade to GitLab CE/EE versions 14.7.7, 14.8.5, and 14.9.2 or later.