Bleeping Computer

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. The critical (CVSS score: 10.0) flaw allows ...
heise online

DevSecOps platform Gitlab: Account takeover possible

For security reasons, admins should update their Gitlab installation to the latest version. Otherwise, attackers can exploit several vulnerabilities and compromise systems. In a post, the developers ...
heise online

GitLab: Account takeover possible after 1-click attack

Attackers can use a vulnerability in GitLab Community Edition and Enterprise Edition to gain access to data with which they can gain control over accounts. So far, there are no reports of ongoing ...
Bleeping Computer

GitLab patches high severity account takeover, missing auth issues

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in ...