all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

GitLab Fixes Password Reset Bug That Allows Account Takeover

Add to bookmarks
Jan. 16, 2024, 1:05 p.m. | Jeffrey Burt

Security Boulevard securityboulevard.com


GitLab is releasing a patch to fix a vulnerability in its email verification process that bad actors can exploit to reset user passwords and take over accounts. The flaw, CVE-2023-7028, was introduced in May 2023 in GitLab 16.1.0, in which a change was made that allowed users to reset their password through a secondary email..


The post GitLab Fixes Password Reset Bug That Allows Account Takeover appeared first on Security Boulevard.

2fa account accounts account takeover application security bad bad actors bug can change cve cybersecurity data security devops email email verification exploit featured fix fixes flaw gitlab gitlab vulnerability identity & access industry spotlight may may 2023 network security password password reset passwords patch process reset security boulevard (original) social - facebook social - linkedin social - x software supply chain spotlight takeover verification vulnerabilities vulnerability

Visit resource

More from securityboulevard.com / Security Boulevard

The Real Risk is Not Knowing Your Real Risk: Perspectives from Asia Pacific Tour with … 13 hours ago | securityboulevard.com
asia asia pacific balbix customer +15
Airsoft Data Breach Exposes Data of 75,000 Players 14 hours ago | securityboulevard.com
airsoft attack surface authentication breach +31
Get SOAR Savvy Before RSAC 2024: 5 Reads to Level Up Your SOC 15 hours ago | securityboulevard.com
and response automation check d3 security +24
Cloud Monitor Automation Thwarts Phishing & Malware Emails 16 hours ago | securityboulevard.com
automation chief cloud cybersecurity +27
MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’ 18 hours ago | securityboulevard.com
computing conference eve francisco +19
Palo Alto Networks Extends SASE Reach to Unmanaged Devices 19 hours ago | securityboulevard.com
alto devices devops devsecops +20
USENIX Security ’23 – Cryptographic Deniability: A Multi-perspective Study of User Perceptions and Expectations 19 hours ago | securityboulevard.com
access authors channel conference +17
The impact of automating open source dependency management 19 hours ago | securityboulevard.com
automation business consuming customer +14
Unlocking SMB Cybersecurity: The Rise of Virtual CISOs in 2024 and Beyond 19 hours ago | securityboulevard.com
align beyond business businesses +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

QA Customer Response Engineer

@ ORBCOMM | Sterling, VA Office, Sterling, VA, US
View on infosec-jobs.com

Enterprise Security Architect

@ Booz Allen Hamilton | USA, TX, San Antonio (3133 General Hudnell Dr) Client Site
View on infosec-jobs.com

DoD SkillBridge - Systems Security Engineer (Active Duty Military Only)

@ Sierra Nevada Corporation | Dayton, OH - OH OD1
View on infosec-jobs.com

Senior Development Security Analyst (REMOTE)

@ Oracle | United States
View on infosec-jobs.com

Software Engineer - Network Security

@ Cloudflare, Inc. | Remote
View on infosec-jobs.com

Software Engineer, Cryptography Services

@ Robinhood | Toronto, ON
View on infosec-jobs.com
View more jobs