CVE-2022-1162

nvd nist nuclei

Published: Apr 4, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 14.7.0 to 14.7.7
Gitlab Gitlab	From 14.8.0 to 14.8.5
Gitlab Gitlab	From 14.9.0 to 14.9.2
Gitlab Gitlab	From 14.7.0 to 14.7.7
Gitlab Gitlab	From 14.8.0 to 14.8.5
Gitlab Gitlab	From 14.9.0 to 14.9.2

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html

Source: cve@gitlab.com

Third Party AdvisoryVDB Entry

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/357210

Source: cve@gitlab.com

Broken Link

http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/357210

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.