Malicious code in gitlab-accountid (npm)

The package communicates with a domain associated with malicious activity...

The vulnerability of the Bitbucket Credentials Handler component of the Git-based software platform allows a hacker to gain control of a GitLab account associated with a Bitbucket account of another user, provided that Bitbucket is used as an OAuth 2.0 provider in GitLab.

The vulnerability of the Bitbucket Credentials Handler component of the Git-based software platform for collaborative code development on GitLab is related to inadequate access control mechanisms. Exploiting this vulnerability could allow a malicious actor to gain control over a GitLab account...

PT-2022-12999 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 7.7 through 14.4.4 GitLab versions 14.5.0 through 14.5.2 GitLab versions 14.6.0 through 14.6.1 Description: The issue allows a malicious user to perform a Cross-Site Request Forgery attack, enabling them to import their GitHub...