Skip to main content

GitLab Password Security Vulnerability - CVE-2022-1162

On Thursday, March 31, 2022, GitLab released an advisory for a critical password security vulnerability in GitLab Community and Enterprise products tracked as CVE-2022-1162. GitLab is DevOps software that combines the ability to develop, secure, and operate software in a single application. The exploitation of CVE-2022-1162 can allow a threat actor to guess a hard-coded password for any GitLab account with relative ease.

GitLab claims that its investigation has shown no indication that users accounts on GitLab.com deployments have been compromised at this time. GitLab has reset passwords for select GitLab.com users despite no indication that the accounts have been compromised.

The root cause of CVE-2022-1162 is in the account registration process using an OmniAuth provider (e.g., OAuth, LDAP, SAML) where a hardcoded password is set with a predictable pattern that allows a threat actor to brute force a registered user’s password based on the pattern. It is important to note that only GitLab deployments where user accounts are created using an OmniAuth provider are in scope for being vulnerable to CVE-2022-1162. GitLab has created a script that self-managed instance admins can use to identify user accounts potentially impacted by CVE-2022-1162.

Recommendations

Recommendation #1: Patch Vulnerable Versions of GitLab Community Edition & Enterprise Edition

Arctic Wolf’s primary recommendation is to first determine if you’re running the affected versions of GitLab Community Edition/Enterprise Edition.

GitLab has indicated in their advisory here that specific versions are affected by this vulnerability. We recommend reviewing the below to determine if you’re running any affected versions of this application in your environment and patch as soon as possible.

  • For Versions 14.7 to 14.7.6 - upgrade to 14.7.7
  • For Versions 14.8 to 14.8.4 - upgrade to 14.8.5
  • For Versions 14.9 to 14.9.1 - upgrade to 14.9.2

Recommendation #2: Identify & Reset Passwords for Affected Users

GitLab has provided a script (here) to identify users potentially impacted by CVE-2022-1162 for self-managed instance administrators. After identifying the affected user accounts, Arctic Wolf strongly recommends to reset the user’s password.

References

About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.

Profile Photo of Sule Tatar