GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts.

GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account.

The vulnerability impacts all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1.

“When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus – in the absence of 2FA – take over those accounts.” reads the advisory published by GitHub. “It is also possible for the attacker to change the display name and username of the targeted account.”

This CVE-2022-1680 flaw was discovered by a member of the GitLab team.

The company also addressed other seven flaws, the complete list is reported in the following table:

TitleSeverityAccount take over via SCIM email changecriticalStored XSS in Jira integrationhighQuick action commands susceptible to XSShighIP allowlist bypass when using Trigger tokensmediumIP allowlist bypass when using Project Deploy TokensmediumImproper authorization in the Interactive Web TerminalmediumSubgroup member can list members of parent groupmediumGroup member lock bypasslowThe company urges users to upgrade to the latest version as soon as possible.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, GitLab)

The post GitLab addressed critical account take over via SCIM email change appeared first on Security Affairs.