GitLab, a DevOps platform, has released security patches to address a number of issues, including a critical-severity problem that could lead to account takeover.
The flaw, tracked as CVE-2022-1680 (CVSS 9.9), affects GitLab Enterprise Edition (EE) in all versions from 11.10 before 14.9.5, from 14.10 before 14.10.4, and from 15.0 before 15.0.1. It lies in the SCIM user-provisioning feature used together with group SAML SSO: an owner of a group can invite arbitrary users by username and email and then change those users' email addresses through SCIM to an attacker-controlled address. If the targeted accounts do not have two-factor authentication set up, the attacker can then take them over.
GitLab advises self-managed administrators to check whether group SAML is enabled on their deployments. The company has also updated GitLab EE and GitLab Community Edition (CE) to fix two high-severity issues.
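The affected ranges above are easy to misread because the first range ends at 14.9.5 while the second starts at 14.10, so a release such as 14.9.6 falls in neither. The following added example (not GitLab's own tooling, and not from the article) encodes the three ranges as half-open intervals and classifies a version string the way a fleet-triage script would; the function and constant names, and the sample version strings, are this example's own assumptions.

```python
"""Classify GitLab version strings against the CVE-2022-1680 affected ranges.

Added illustration, not GitLab's code. The ranges are the ones the advisory
states: 11.10 <= v < 14.9.5, 14.10 <= v < 14.10.4, 15.0 <= v < 15.0.1.
Upper bounds are exclusive because they are the first fixed releases.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) pairs per advisory; names are this example's own.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((11, 10, 0), (14, 9, 5)),
    ((14, 10, 0), (14, 10, 4)),
    ((15, 0, 0), (15, 0, 1)),
]


def parse_version(text: str) -> Version:
    """Turn '14.9.4-ee', 'v14.10.2' or '15.0' into a (major, minor, patch) tuple.

    A missing patch component is treated as .0; edition suffixes such as '-ee'
    are ignored because the range check is purely numeric.
    """
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(text: str) -> bool:
    """True if the version carries the vulnerable code (EE builds only)."""
    v = parse_version(text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(text: str) -> Optional[str]:
    """Return the first fixed release in the same series, or None if not affected."""
    v = parse_version(text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def triage(versions: List[str]) -> List[Tuple[str, bool, Optional[str]]]:
    """Classify a list of version strings; returns (input, affected, upgrade target)."""
    return [(t, is_affected(t), fixed_version_for(t)) for t in versions]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["14.9.4-ee", "14.9.6-ee", "14.10.3-ee", "15.0.0-ee", "15.0.1-ee", "11.9.9-ee"]
    for version, affected, target in triage(sample):
        state = f"affected, upgrade to {target}" if affected else "not in an affected range"
        print(f"{version:12} {state}")
```

A version match only says the vulnerable code is present; actual exposure also requires group SAML SSO with SCIM provisioning to be in use, and accounts with two-factor authentication enabled are not taken over by this route. CE builds do not ship the feature, so the check is meaningful for EE version strings only.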