GitLab: Attacker can take over accounts

A critical vulnerability in GitLab allows attackers to take over other users' accounts. Besides releasing updates, GitLab also reset all passwords on its SaaS offering. Alongside the critical vulnerability, 16 further security flaws have been patched in the new version. The issues affect both the Enterprise Edition and the Community Edition.

The programming error behind the critical vulnerability lies in the registration of accounts via OmniAuth. Such accounts were internally assigned a hard-coded password, which allowed an attacker who knew that password to take over any account registered this way.

The errors have been corrected in the new versions 14.7.7, 14.8.5 and 14.9.2.
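As an added illustration of the flaw described above, the following simplified Ruby model (written for this article, not GitLab's own code) contrasts provisioning of externally authenticated accounts with a shared hard-coded password against provisioning with a random per-account password, and includes an audit that flags accounts still carrying the default; the password value, user store and hashing are constructed for the example.

```ruby
require 'securerandom'
require 'digest'

# Constructed, simplified model of account provisioning for users who sign up
# through an external identity provider (OmniAuth). Not GitLab's code.
User = Struct.new(:username, :provider, :password_digest)

# Vulnerable pattern: every externally authenticated account receives the same
# hard-coded password, so anyone who knows it can log in as any such user.
# The value below is a constructed sample, not the real one.
HARDCODED_PASSWORD = 'not-so-secret-default'.freeze

# Stand-in for a proper password hash (bcrypt/argon2 in a real system).
def digest(password)
  Digest::SHA256.hexdigest(password)
end

def provision_vulnerable(username, provider)
  User.new(username, provider, digest(HARDCODED_PASSWORD))
end

# Hardened pattern: each account gets an unpredictable password that is never
# reused; the user normally signs in through the provider, not with it.
def provision_hardened(username, provider)
  User.new(username, provider, digest(SecureRandom.base64(32)))
end

# Remediation step for already-affected accounts: rotate to a fresh random
# password, which is what a forced password reset achieves.
def reset_password(user)
  user.password_digest = digest(SecureRandom.base64(32))
  user
end

# Defender-side audit: list accounts whose stored digest still matches the
# known default, i.e. accounts that remain exposed until reset.
def accounts_with_default_password(users)
  default_digest = digest(HARDCODED_PASSWORD)
  users.select { |u| u.password_digest == default_digest }.map(&:username)
end
```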
