GitLab Fixes Critical Account Takeover Vulnerability

Threat Advisories

GitLab Fixes Critical Account Takeover Vulnerability

Summary:

Critical GitLab vulnerability (CVE-2023-7028) enables unauthorized users to take over the administrator account without user interaction. Exploiting password reset flaws, attackers can submit two emails, both target as well as attacker account leading to complete account takeover. Users with two-factor authentication are safe, and GitLab urges immediate updates for affected versions to mitigate the issue in email verification.

Threat Level – Red | Vulnerability Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.