GitLab Patches Critical Account Takeover Flaw
Malware Analysis, News and Indicators - Latest topics malware.news
GitLab has fixed a critical-severity flaw in several versions of its platform that, if successfully exploited, could enable attackers to take over accounts without user interaction.
The flaw (CVE-2023-7028) stems from the fact that user account password reset emails can be delivered to unverified email addresses. GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.1 to 16.1.5, 16.2 to 16.2.8, 16.3 to 16.3.6, 16.4 to 16.4.4, 16.5 to 16.5.5, 16.6 to 16.6.3 and 16.7 to 16.7.1 are impacted.
“Within …
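The root cause described above, modelled as an added example (not GitLab's code): a password-reset lookup that treats any address attached to an account as trustworthy, beside the hardened version that identifies the account and delivers the token only through addresses the user has actually verified. The account data, names and functions are constructed for illustration.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Email:
    address: str
    verified: bool


@dataclass
class User:
    username: str
    emails: list


# Constructed sample data: "alice" has a verified primary address and a
# secondary address that was added to the account but never confirmed.
USERS = [
    User("alice", [Email("alice@example.com", True),
                   Email("alice-secondary@example.net", False)]),
]


def _owner_of(address, verified_only):
    """Return the user owning `address`; optionally ignore unverified ones."""
    for user in USERS:
        for e in user.emails:
            if e.address.lower() == address.lower() and (e.verified or not verified_only):
                return user
    return None


def reset_recipients_weak(address):
    """Weak pattern: any address attached to the account, verified or not,
    identifies the user and receives the reset token."""
    user = _owner_of(address, verified_only=False)
    return [address] if user else []


def reset_recipients_hardened(address):
    """Hardened pattern: only a verified address identifies the account, and
    the token goes only to the account's verified addresses, never to the
    raw string the requester submitted."""
    user = _owner_of(address, verified_only=True)
    if user is None:
        return []  # same empty result as for unknown addresses: no enumeration
    return [e.address for e in user.emails if e.verified]


def issue_reset(address, recipients_fn):
    """Return (recipients, token); a real system would email the token."""
    recipients = recipients_fn(address)
    token = secrets.token_urlsafe(32) if recipients else None
    return recipients, token
```

Requesting a reset for the unconfirmed secondary address yields a recipient under the weak rule and none under the hardened rule; only the verified primary address ever receives a token.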