Client Application Firewall
GitLab.OmniAuth.Password.Security.Bypass
Description
This indicates an attack attempt against a Security Bypass Vulnerability in GitLab CE/EE.
The vulnerability is due to a hardcoded password found in the vulnerable application. A remote attacker may be able to exploit this to obtain access to the system via a crafted request.
Affected Products
GitLab CE/EE versions 14.7 prior to 14.7.7
GitLab CE/EE versions 14.8 prior to 14.8.5
GitLab CE/EE versions 14.9 prior to 14.9.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-06-20 | 21.341 |
| ID | 51575 |
| Created | May 31, 2022 |
| Updated | Jun 17, 2022 |
| Risk |
|
| CVE ID | CVE-2022-1162 |
| Exploit Prediction Score | 24.45% |
| Default Action | drop |
| Affected OS | Linux |
| Affected App | Other |