CVE-2022-1680

high-risk
Published 2022-06-06

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.

Do I need to act?

!
10.4% chance of exploitation in next 30 days
EPSS score — higher than 90% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: d69f38d4a95eb664a8987247b61d8d1130c9f94a, 94a44086fe6f7c511db20bc89b779e3e46bf6b55, 661f7e4160fd380b54f36039b0e7f585b4cdb647
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Gitlab

References (4)

Vendor Advisory https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1680.json
Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/363058
Vendor Advisory https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1680.json
Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/363058
51
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 11/34 · Low
Exposure 7/34 · Low