CVE-2022-1162

Description from NVD

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

Information Acquisition Date:2022-04-30T16:40Z

CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json
source:CONFIRM
tags:Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/357210
source:MISC
tags:Broken Link

http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html
source:MISC
tags:Third Party Advisory VDB Entry

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
https://cvetrends.com	54
http://twinybots.ch	33
https://thehackernews.com/2022/04/gitlab-releases-patch-for...	10
https://opsmtrs.com/2ZFbaTl	9
https://securityaffairs.co/wordpress/129730/hacking/cve-202...	5
https://www.bleepingcomputer.com/news/security/critical-git...	5
https://ift.tt/VDOfqpM	4
https://twitter.com/BleepinComputer/status/1509906703789273090	4
https://securityonline.info/cve-2022-1162-gitlab-vulnerability	4
https://about.gitlab.com/releases/2022/03/31/critical-secur...	3

Information from Twitter

User	URL	Info Source	Date
VulmonFeeds	https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...	Source VulmonFeeds 1640817809998376960	2023/03/29

List of frequently cited URLs

URL	Num of Times Referred to
cvetrends.com	54
twinybots.ch	33
thehackernews.com	10
opsmtrs.com	9
securityaffairs.co	5
www.bleepingcomputer.com	5
ift.tt	4
twitter.com	4
securityonline.info	4
about.gitlab.com	3

Information from Twitter

User	URL	Info Source
VulmonFeeds	alerts.vulmon.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
Greenwolf/CVE-2022-1162	https://github.com/Greenwolf/CVE-2022-1162

GitHub Search Results: Up to 10

Name	URL
Greenwolf/CVE-2022-1162	github.com

2023/03/29 Score : 1
Added Har-sia Database : 2022/04/01
Last Modified : 2023/03/29
Highest Scored Date : 2022/04/02
Highest Score : 61