Veracode Vulnerability DatabaseVERACODE:41502

HistoryJul 22, 2023 - 10:43 p.m.

Use Of Hard-coded Credentials

2023-07-2222:43:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

vulnerability

hard-coded credentials

omniauth

authentication

0.245 Low

EPSS

Percentile

96.6%

JSON

gitLab is vulnerable to Use of Hard-coded Credentials. This vulnerability exists because of hardcoded passwords being set for accounts registered through omniauth in gitLab, resulting in an authentication issue.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json

gitlab.com/gitlab-org/gitlab/-/issues/357210

security-tracker.debian.org/tracker/CVE-2022-1162

0.245 Low

EPSS

Percentile

96.6%

JSON

Related for VERACODE:41502