CVE-2022-1162 PoC — GitLab Community Edition和GitLab Enterprise Edition 信任管理问题漏洞

Source

https://github.com/Greenwolf/CVE-2022-1162

Associated Vulnerability

Title:GitLab Community Edition和GitLab Enterprise Edition 信任管理问题漏洞 (CVE-2022-1162)
Description:GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是美国GitLab公司的一种社区版 GitLab 。 GitLab Community Edition (CE) and Enterprise Edition (EE)存在信任管理问题漏洞，该漏洞由于基于 OmniAuth 的注册中的应用程序代码中存在硬编码凭据，因此存在该漏洞。未经身份验证的远程攻击者可以使用硬编码凭据访问受影响的系统。该漏洞允许远程攻击者获得对易受攻击系统的完全访问权限

Readme

# CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.

*Exploit:*

New Gitlab Accounts (created since the first affect version and if Gitlab is before the patched version) can be logged into with the following password:

123qweQWE!@#000000000

*Reference:*


https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1162

File Snapshot


 [4.0K]  /data/pocs/fe8ebb279c85011243a0ce4b69d97df3c484ef1a
└── [ 536]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!