
GitLab is releasing a patch to fix a vulnerability in its email verification process that bad actors can exploit to reset user passwords and take over accounts. The flaw, CVE-2023-7028, was introduced in May 2023 in GitLab 16.1.0, when a change allowed users to reset their password through a secondary email address.
The post GitLab Fixes Password Reset Bug That Allows Account Takeover appeared first on Security Boulevard.