CVE-2022-1162

CRITICAL NUCLEI

GitLab 14.7-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Authentication Bypass via Hardcoded OmniAuth Password

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-1162. PoCs published by Greenwolf, ipsBruno. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages a hardcoded password vulnerability in GitLab CE/EE versions 14.7 to 14.9, allowing authentication bypass for accounts registered via OmniAuth providers. The hardcoded password '123qweQWE!@#000000000' can be used to log into affected accounts.

Description

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

Exploits (3)

exploitdb WORKING POC
by Greenwolf · textwebappsruby
https://www.exploit-db.com/exploits/50888

This exploit leverages a hardcoded password vulnerability in GitLab CE/EE versions 14.7 to 14.9, allowing authentication bypass for accounts registered via OmniAuth providers. The hardcoded password '123qweQWE!@#000000000' can be used to log into affected accounts.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2
No auth needed
Prerequisites: GitLab instance running an affected version · Accounts registered using an OmniAuth provider
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 4 stars
by Greenwolf · poc
https://github.com/Greenwolf/CVE-2022-1162

This repository provides a writeup for CVE-2022-1162, detailing a hardcoded password vulnerability in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2. The hardcoded password '123qweQWE!@#000000000' can be used to take over accounts registered using an OmniAuth provider.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2
No auth needed
Prerequisites: GitLab instance running a vulnerable version · Accounts registered using an OmniAuth provider
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by ipsBruno · poc
https://github.com/ipsBruno/CVE-2022-1162

This PoC exploits CVE-2022-1162, an authentication bypass vulnerability in GitLab, by enumerating users and attempting to log in with a default password. It automates the process of finding project members and testing their credentials.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: GitLab (version not specified)
No auth needed
Prerequisites: Access to a vulnerable GitLab instance · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

GitLab CE/EE - Hard-Coded Credentials
CRITICALby GitLab Red Team
Shodan: http.title:"GitLab" || cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"
FOFA: title="gitlab"

References (3)

Core 3

Scores

CVSS v3 9.1
EPSS 0.8851
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-798
Status published
Products (1)
gitlab/gitlab 14.7.0 - 14.7.7 (2 CPE variants)
Published Apr 04, 2022
Tracked Since Feb 18, 2026