National Cyber Warfare Foundation (NCWF)

GitLab Fixes Password Reset Bug That Allows Account Takeover


2024-01-16 13:11:15
milo
Blue Team (CND)


GitLab is releasing a patch to fix a vulnerability in its email verification process that bad actors can exploit to reset user passwords and take over accounts. The flaw, CVE-2023-7028, was introduced in May 2023 in GitLab 16.1.0, in which a change was made that allowed users to reset their password through a secondary email...


The post GitLab Fixes Password Reset Bug That Allows Account Takeover appeared first on Security Boulevard.



Jeffrey Burt

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/01/gitlab-fixes-password-reset-bug-that-allows-account-takeover/




