Site icon API Security Blog

GitLab 0.0 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4037)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider. (CVE-2022-4037) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More

Exit mobile version