A Security Vulnerability Has Been Detected in GitLab

It has detected a security vulnerability in GitLab, an open-source software development platform, that allows a remote threat actor to obtain sensitive information about users such as first name, last name, email, and password. Data breaches using this vulnerability enable threat actors to create a new username list (Combolist) based on GitLab installations and perform Brute Force attacks through this list.

The vulnerability tracked by code CVE-2021-4191 exists due to insufficient authentication checking when processing specific GitLab GraphQL API queries. As a result, a remote threat actor can exploit the vulnerability to gain unauthorized access to sensitive information in the system.

The vulnerability affects all GitLab Community Edition and Enterprise Editions 13.0.0 – 14.8.1 but was fixed in the last released version. In addition, another critical vulnerability tracked as CVE-2022-0735 is fixed with the released updates. Users using vulnerable GitLab versions are advised to apply the released updates immediately.

A Security Vulnerability Has Been Detected in GitLab

A Security Vulnerability Has Been Detected in GitLab

European Focused Threat Actors – Who Actively Continue Their Strategies

Critical 0-Day Alarm in Microsoft Exchange Server

European Focused Threat Actors – APT Groups

Multiple Vulnerabilities Detected in Solarwinds Orion

Security News – Week 39

Zebrocy Malware Technical Analysis Report

Related Posts

Critical 0-Day Alarm in Microsoft Exchange Server

Multiple Vulnerabilities Detected in Solarwinds Orion

Critical RCE Alarm in Sophos Firewall Solutions

AffectMe: The Critical Vulnerability in Oracle Cloud Infrastructure

We know what hackers know about you

Solutions

Use Case

Partners

Company