GitLab Accounts without 2FA Face Risk of Takeover via New Flaw: Patch Immediately

A newly disclosed critical vulnerability plaguing GitLab accounts leaves users at risk of complete account takeover if they haven’t enabled multi-factor authentication (MFA). The flaw, tracked as CVE-2023-7028 [], has the maximum severity CVSS score of 10. It allows attackers to reset account passwords through secondary email addresses by exploiting a change introduced in version 16.1.0. Vulnerable Since May 2023 The vulnerable element was introduc
文 » A