GitLab warns small part of users about leaked logins and tokens


GitLab has warned a small share of its users, about 0.5 percent by its own count, that logins (third-party credentials) and access tokens were exposed through an internal logging system. According to GitLab, there is no evidence that the data was abused.

GitLab writes that it has already taken remediation measures. It reportedly learned on February 28 that logins for certain repositories were not stripped from request data and therefore ended up in its own logging system. The investigation further found that API access tokens had also landed in load balancer log files, as had repository logins.
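The failure described above, credentials embedded in request URLs and tokens in query strings or headers being written verbatim to logs, is usually prevented by scrubbing log lines before they are stored. The following is an added example, not GitLab's code: a small redaction filter that removes URL userinfo, token-bearing query parameters and secret-carrying header values, plus a `logging.Filter` that applies it. The sample log lines, the token values and the parameter names `private_token`, `access_token` and `token` are constructed for the example; extend the patterns with the parameter and header names your own API uses.

```python
import logging
import re

# Constructed sample log lines (not real GitLab logs): a git fetch over HTTPS
# with credentials in the URL, an API call with a token in the query string,
# and two API calls carrying a token in a header.
SAMPLE_LINES = [
    'GET https://alice:s3cr3t@git.example.com/group/project.git/info/refs 200',
    'GET /api/v4/projects?private_token=tok_EXAMPLE0000 200',
    'PRIVATE-TOKEN: tok_EXAMPLE1111 GET /api/v4/user 200',
    'Authorization: Bearer EXAMPLE.JWT.VALUE GET /api/v4/user 200',
]

REDACTED = '[REDACTED]'

# scheme://user:password@host  (also matches scheme://user@host, which still
# leaks an account name and is redacted as well)
_URL_USERINFO = re.compile(
    r'(?P<scheme>[a-z][a-z0-9+.-]*://)[^/\s@]+@', re.IGNORECASE)

# Token-bearing query parameters; the parameter names are assumptions for
# this example and should mirror the API being logged.
_TOKEN_PARAMS = re.compile(
    r'(?P<key>(?:private_token|access_token|token)=)[^&\s]+', re.IGNORECASE)

# Header values that carry secrets; the auth scheme word (Bearer/Basic) is
# kept because it is useful for debugging and is not secret itself.
_SECRET_HEADERS = re.compile(
    r'(?P<header>(?:PRIVATE-TOKEN|Authorization):\s*(?:(?:Bearer|Basic)\s+)?)\S+',
    re.IGNORECASE)


def scrub(line: str) -> str:
    """Return the log line with credential material replaced by [REDACTED]."""
    line = _URL_USERINFO.sub(lambda m: m.group('scheme') + REDACTED + '@', line)
    line = _TOKEN_PARAMS.sub(lambda m: m.group('key') + REDACTED, line)
    line = _SECRET_HEADERS.sub(lambda m: m.group('header') + REDACTED, line)
    return line


def contains_secret(line: str) -> bool:
    """True if scrubbing would change the line, i.e. it carries a secret.

    Useful as a detection check over existing log files: any line for which
    this returns True has already leaked something and warrants rotation."""
    return scrub(line) != line


def scrub_lines(lines):
    """Scrub an iterable of log lines, returning a list."""
    return [scrub(line) for line in lines]


class SecretScrubbingFilter(logging.Filter):
    """logging.Filter that redacts secrets from every record passing through.

    The record is formatted first so that secrets passed via %-style args are
    caught too, then the args are cleared so the message is not reformatted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = scrub(record.getMessage())
        record.args = ()
        return True


if __name__ == '__main__':
    log = logging.getLogger('scrubbed')
    handler = logging.StreamHandler()
    handler.addFilter(SecretScrubbingFilter())
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    for raw in SAMPLE_LINES:
        log.info('%s', raw)
```

Attach the filter to the handler rather than the logger so that records propagated from child loggers are scrubbed as well, and run `contains_secret` over historical log files to find out what has already been exposed and therefore needs rotating.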

Then, on March 19, a GitLab user discovered that the internal logging dashboard was misconfigured so that anyone with a Google account could sign in and obtain read access. According to GitLab, the misconfiguration was the result of a migration. There is no evidence that this access, which was possible between February 19 and March 19, was abused, although GitLab notes that its audit logs only cover one week of that month.

GitLab has notified the affected users and points out that users can proactively rotate their tokens on a dedicated page. Recently, the service warned users of a critical vulnerability that may have allowed remote code execution, as well as information theft and authentication bypass. GitLab is a service that lets developers collaborate on projects and recently announced an integration with GitHub.
