GitLab.OmniAuth.Password.Security.Bypass
Description
This indicates an attack attempt against a security bypass vulnerability in GitLab CE/EE.
The vulnerability is due to a hardcoded password found in the vulnerable application. A remote attacker may be able to exploit this to obtain access to the system via a crafted request.
Affected Products
GitLab CE/EE versions 14.7 prior to 14.7.7
GitLab CE/EE versions 14.8 prior to 14.8.5
GitLab CE/EE versions 14.9 prior to 14.9.2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json
Coverage
IPS (Regular DB)
IPS (Extended DB)