CVE-2022-1162

Summary

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.9, <14.9.2affected
GitLabGitLab>=14.8, <14.8.5affected
GitLabGitLab>=14.7, <14.7.7affected

Weaknesses

  • Use of hard-coded credentials in GitLab

ADP Enrichment

CVE Program Container

Additional References

References