GitLab security update fixes critical account take over flaw

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.

Getting control over a GitLab account comes with severe consequences as hackers could gain access to developers’ projects and steal source code.

Tracked as CVE-2022-1680 and rated with a critical severity score of of 9.9, the vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0.

“When group SAML SSO is configured, the SCIM feature may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker-controlled email address and thus – in the absence of 2FA – take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.” – GitLab.

All GitLab users should move to the latest available versions as soon as possible.

The security updates contain fixes for two more high-severity flaws.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.
Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.
PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

BOOK A MEETING WITH AN EXPERT

Enter Your Corporate Email

Restez Informés!

Abonnez-vous pour rester au fait des dernières tendances, menaces, nouvelles et statistiques dans l’industrie.