GitLab 11.0 < 14.9.5 / 14.10.0 < 14.10.4 / 15.0.0 < 15.0.1 (CVE-2022-1680)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0...
Code injection
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
CVE-2022-1680
The CVE-2022-1680 vulnerability, described across multiple sources, affects GitLab Enterprise Edition with group SAML SSO when SCIM is enabled. Affected versions are 11.10 up to 14.9.5, 14.10 up to 14.10.4, and 15.0 up to 15.0.1. The root issue is that SCIM, available on Premium+ groups, could al...
GitLab Issues Security Patch for Critical Account Takeover Vulnerability
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of...