CVE-2022-1680: Gitlab account take over vulnerability
“When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users’ email addresses via SCIM to an attacker controlled email address and thus – in the absence of 2FA – take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.” the company said in an advisory.
GitLab Enterprise Edition (EE) 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1
GitLab Enterprise Edition (EE) 15.0.1, 14.10.4, and 14.9.5
At present, GitLab has fixed the CVE-2022-1680 vulnerability in the latest version. We strongly recommend that all installations running a version affected by the issues described above are upgraded to the latest version as soon as possible.