
A critical GitLab flaw (CVE-2023-7028) in GitLab CE/EE versions 16.1 to 16.6.4 allows attackers to reset user passwords. Users with two-factor authentication enabled are safe. The flaw, introduced on May 1, 2023, through an email verification bug, has been patched in versions 16.7.2, 16.6.4, and 16.5.6. GitLab urges immediate upgrades and enabling 2FA for all accounts, especially administrator accounts. Additional fixes address various other vulnerabilities.