GitLab has addressed a critical security flaw in its service that could result in an account takeover after exploitation.
This critical bug, tracked as CVE-2022-1680 with a CVSS score of 9.9, was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.
When group SAML SSO is configured, the SCIM feature may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker-controlled email address and thus, in the absence of 2FA, take over those accounts.
After this stage, the threat actor can change the display name and username of the targeted account, GitLab said in its advisory published on June 1, 2022.
Also resolved by GitLab in versions 15.0.1, 14.10.4, and 14.9.5 are seven other security vulnerabilities, two of which are rated high, four medium, and one low in severity.
Users are advised to upgrade wherever an affected version is still running.
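As an added example that is not part of the advisory or of GitLab's own tooling, the following script turns the three affected ranges stated above into a check an administrator can run against an instance's version string (as shown in the Admin area or returned by the `/api/v4/version` endpoint). The `-ee` suffix handling and the sample API payload are assumptions constructed for illustration.

```python
"""Check whether a GitLab EE version falls inside the ranges affected by
CVE-2022-1680 and, if so, name the first fixed release for that branch.

Added example, not GitLab's own code. Ranges taken from the advisory text:
  >= 11.10 and < 14.9.5
  >= 14.10 and < 14.10.4
  >= 15.0  and < 15.0.1
"""

# (inclusive lower bound, exclusive upper bound); the upper bound is the
# first patched release on that branch.
AFFECTED_RANGES = [
    ((11, 10, 0), (14, 9, 5)),
    ((14, 10, 0), (14, 10, 4)),
    ((15, 0, 0), (15, 0, 1)),
]


def parse_version(version: str) -> tuple:
    """Parse '15.0', '15.0.1' or '15.0.1-ee' into a 3-tuple of ints.

    Assumption: an edition/pre-release suffix, if present, follows a '-'
    and is not significant for the range comparison.
    """
    core = version.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {version!r}")
    while len(parts) < 3:
        parts.append(0)  # '15.0' means 15.0.0
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True if the version is inside any affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def recommended_upgrade(version: str):
    """Return the first fixed release on the same branch, or None if
    the version is already outside every affected range."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def check_api_payload(payload: dict) -> dict:
    """Evaluate a decoded /api/v4/version response ({"version": ..., ...}).

    The payload shape used here is an assumption; only the 'version'
    key is consumed.
    """
    version = payload["version"]
    return {
        "version": version,
        "affected": is_affected(version),
        "upgrade_to": recommended_upgrade(version),
    }


if __name__ == "__main__":
    # Constructed sample payload, as an instance might return it.
    sample = {"version": "14.10.3-ee", "revision": "deadbeef"}
    print(check_api_payload(sample))
```

The check deliberately treats 14.9.5, 14.10.4 and 15.0.1 as patched and anything at or above them on the same branch as safe, which matches the "before X" wording of the advisory; a version such as 14.9.6 is therefore not flagged even though it is below 14.10.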