GitLab Accounts without 2FA Face Risk of Takeover via New Flaw: Patch Immediately

A newly disclosed critical vulnerability plaguing GitLab accounts leaves users at risk of complete account takeover if they haven’t enabled multi-factor authentication (MFA). The flaw, tracked as CVE-2023-7028 [https://nvd.nist.gov/vuln/detail/CVE-2023-7028], has the maximum severity CVSS score of 10. It allows attackers to reset account passwords through secondary email addresses by exploiting a change introduced in version 16.1.0.

Vulnerable Since May 2023

The vulnerable element was introduc