GitLab Archives - Page 2 of 2

Pierluigi Paganini April 02, 2022

Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts

GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […]

Pierluigi Paganini November 02, 2021

50% of internet-facing GitLab installations are still affected by a RCE flaw

Researchers warn of a now-fixed critical remote code execution (RCE) vulnerability in GitLab ‘s web interface actively exploited in the wild. Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked as CVE-2021-22205, in GitLab’s web interface that has been actively exploited in the wild. The vulnerability is an improper validation issue of […]

Pierluigi Paganini November 04, 2019

GitLab plans to ban hires in China and Russia due to espionage concerns

The popular code hosting platform GitLab is considering to block new hires from China and Russia due to espionage concerns. GitLab is a popular code hosting platform GitLab that is currently used by several major tech companies including IBM, Sony, NASA, Alibaba, Oracle, Invincea, Boeing, and SpaceX. The news was confirmed by Eric Johnson, VP […]

GitLab

Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts

50% of internet-facing GitLab installations are still affected by a RCE flaw

GitLab plans to ban hires in China and Russia due to espionage concerns

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Severe Hikvision HikCentral product flaws: What You Need to Know

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

Crooks turn HexStrike AI into a weapon for fresh vulnerabilities

Google addressed two Android flaws actively exploited in targeted attacks

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

GitLab

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!