Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

January 16, 2024

GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed.

Tracked as CVE-2023-7028, the maximum-severity bug stems from a change introduced in version 16.1.0 in May 2023 that allowed users to issue password resets through a secondary email address.

Attackers targeting vulnerable self-managed GitLab instances could use a specially crafted HTTP request to send a password reset email to an attacker-controlled, unverified email address.
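The flaw class the article describes, a reset flow that trusts a submitted but unverified address, shown beside a hardened version that only honours addresses the account owner has verified. This is an added illustration written for this article, not GitLab's code; the account store and email addresses are constructed, and the exact request format GitLab accepted is deliberately not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    primary_email: str                       # verified when the account was created
    verified_secondary: set = field(default_factory=set)
    unverified_secondary: set = field(default_factory=set)

    def verified_addresses(self):
        return {self.primary_email} | self.verified_secondary

    def all_addresses(self):
        return self.verified_addresses() | self.unverified_secondary

# Constructed sample data (hypothetical accounts, not from any real instance).
ACCOUNTS = {
    "alice": Account("alice", "alice@example.com",
                     verified_secondary={"alice.work@example.org"},
                     unverified_secondary={"mallory@attacker.example"}),
}

def lookup(email, verified_only):
    """Map a submitted address to an account, optionally ignoring unverified ones."""
    for acct in ACCOUNTS.values():
        pool = acct.verified_addresses() if verified_only else acct.all_addresses()
        if email in pool:
            return acct
    return None

def weak_reset_recipients(submitted):
    """Flaw class from the article: every submitted address attached to the
    account, verified or not, receives the reset token."""
    acct = next((a for a in (lookup(e, False) for e in submitted) if a), None)
    return [] if acct is None else [e for e in submitted if e in acct.all_addresses()]

def hardened_reset_recipients(submitted):
    """Only addresses the owner has verified can locate the account or receive
    the token; an unverified address someone else attached gets nothing."""
    acct = next((a for a in (lookup(e, True) for e in submitted) if a), None)
    return [] if acct is None else [e for e in submitted if e in acct.verified_addresses()]

def accounts_with_unverified_secondaries():
    """Defender check: which accounts carry pending, unverified secondary emails."""
    return sorted(u for u, a in ACCOUNTS.items() if a.unverified_secondary)
```

The audit helper at the end is the kind of check an admin can run alongside patching, since pending secondary addresses are the ones the hardened path refuses to trust.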
