GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account.
The vulnerability impacts all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.
“When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus – in the absence of 2FA – take over those accounts.” reads the advisory published by GitHub. “It is also possible for the attacker to change the display name and username of the targeted account.”
This CVE-2022-1680 flaw was discovered by a member of the GitLab team.
The company also addressed seven other flaws; the complete list is reported in the following table:
|Title|Severity|
|---|---|
|Account take over via SCIM email change|critical|
|Stored XSS in Jira integration|high|
|Quick action commands susceptible to XSS|high|
|IP allowlist bypass when using Trigger tokens|medium|
|IP allowlist bypass when using Project Deploy Tokens|medium|
|Improper authorization in the Interactive Web Terminal|medium|
|Subgroup member can list members of parent group|medium|
|Group member lock bypass|low|
The company urges users to upgrade to the latest version as soon as possible.
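A quick way to check whether an instance falls inside one of the affected ranges quoted above, as an added example that is not GitLab's own code: it parses a version string (the "-ee"/"-ce" suffix and the three-component form are assumptions about the format) and compares it against the three ranges from the advisory.

```python
# Added example (not from the advisory): decide whether a GitLab EE version
# string falls inside one of the CVE-2022-1680 affected ranges.
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges as (first_affected, first_fixed): a version v is affected
# when first_affected <= v < first_fixed. Values come from the advisory text.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((11, 10, 0), (14, 9, 5)),
    ((14, 10, 0), (14, 10, 4)),
    ((15, 0, 0), (15, 0, 1)),
]


def parse_version(text: str) -> Version:
    """Turn '14.9.4-ee' or '15.0' into a comparable 3-tuple of ints.

    Anything after the first '-' (e.g. '-ee', assumed suffix) is dropped;
    missing components are treated as 0, so '14.10' compares as 14.10.0.
    """
    core = text.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".") if p != ""]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    padded = parts + [0] * (3 - len(parts))
    return (padded[0], padded[1], padded[2])


def is_affected(text: str) -> bool:
    """True when the version lies in any affected range."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(text: str) -> Optional[str]:
    """First fixed release on the affected branch, or None if not affected."""
    v = parse_version(text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real instance data.
    for sample in ("14.9.4-ee", "14.10.3-ee", "15.0.0-ee", "15.0.1-ee"):
        fix = fixed_version_for(sample)
        print(f"{sample}: {'upgrade to ' + fix if fix else 'not affected'}")
```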
(SecurityAffairs – hacking, GitLab)