After fixing a severe account takeover vulnerability, GitLab has reset the passwords of some user accounts.
According to the company, accounts registered through an OmniAuth provider in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2 were assigned a hardcoded password.
The critical-severity flaw, tracked as CVE-2022-1162 (CVSS score 9.1), could allow attackers to take control of those accounts. In addition to fixing the vulnerability, GitLab reset the passwords of the users it believes were affected.
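The flaw described above is a pattern, not a GitLab-specific mistake: an account provisioned by an identity provider is given a password that is not a secret, and the ordinary password-login form then accepts it. The Ruby below is an added illustration written for this page, not GitLab's code; the `User` model, the `password_automatically_set` flag, the placeholder default value and the provider names are all constructed assumptions. It shows the weak builder beside a hardened one, the login guard that refuses password login for provider-created accounts regardless of the password's value, and the audit that identifies the accounts a post-fix password reset should target.

```ruby
require 'securerandom'

# Constructed, simplified user record for illustration (not GitLab's model).
# `password_automatically_set` marks accounts whose password was generated
# by the system rather than chosen by the user.
User = Struct.new(:email, :provider, :password, :password_automatically_set)

# Placeholder standing in for a fixed default; deliberately not a real value.
FIXED_DEFAULT_PASSWORD = 'PLACEHOLDER-FIXED-VALUE'

# Vulnerable pattern: every provider-created account receives the same fixed
# password and is not flagged, so the password-login path accepts a value
# that was never secret. (Real systems store a hash; plain text keeps the
# example short.)
def build_user_vulnerable(email, provider)
  User.new(email, provider, FIXED_DEFAULT_PASSWORD, false)
end

# Hardened pattern: an unguessable per-account random password, and the
# account is flagged so password login is refused for it regardless of value.
def build_user_hardened(email, provider)
  User.new(email, provider, SecureRandom.hex(32), true)
end

# Login guard: accounts whose password was set automatically must
# authenticate through their identity provider, never via the password form.
def password_login_allowed?(user, submitted_password)
  return false if user.password_automatically_set

  user.password == submitted_password
end

# Audit: provider-created accounts that were never flagged are the ones a
# remediation like GitLab's (reset the affected passwords) should target.
def accounts_needing_reset(users)
  users.select { |u| u.provider != 'local' && !u.password_automatically_set }
end

if __FILE__ == $PROGRAM_NAME
  legacy = build_user_vulnerable('legacy@example.com', 'google_oauth2')
  fixed  = build_user_hardened('fixed@example.com', 'google_oauth2')
  puts "legacy account accepts fixed default: #{password_login_allowed?(legacy, FIXED_DEFAULT_PASSWORD)}"
  puts "hardened account accepts its own password: #{password_login_allowed?(fixed, fixed.password)}"
  puts "accounts to reset: #{accounts_needing_reset([legacy, fixed]).map(&:email).inspect}"
end
```

The guard is the important part: a random password alone only narrows the window, while refusing password login for provider-created accounts removes that path entirely. The audit is what lets an operator scope a targeted reset instead of forcing one on every user.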
Read More: https://www.securityweek.com/gitlab-patches-critical-account-takeover-vulnerability