Gitlab Ships Critical Account Takeover Bug

Published on ● Video Link: https://www.youtube.com/watch?v=EE_RfwQcDuE



Duration: 10:42


So a GitLab dev made a pretty big mistake and pushed a hardcoded password into production code; the results are as you'd expect.


==========Resources==========
Vulnerability Merge Request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76318#f4d654b98cc11d931e3f77ee61318adc95a52f12_235_233
Vulnerability Writeup: https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/#script-to-identify-users-potentially-impacted-by-cve-2022-1162


==========Credits==========
🎨 Channel Art:
All my art was created by Supercozman
https://twitter.com/Supercozman
https://www.instagram.com/supercozman_draws/

🎵 Ending music
Music from https://filmmusic.io
"Basic Implosion" by Kevin MacLeod (https://incompetech.com)
License: CC BY (http://creativecommons.org/licenses/by/4.0/)

DISCLOSURE: Wherever possible I use referral links, which means if you click one of the links in this video or description and make a purchase I may receive a small commission or other compensation.






