Several vulnerabilities have been found that could lead to a malicious account takeover on the popular coding tool.
The Australian Cyber Security Centre (ACSC) released a critical alert overnight regarding several serious vulnerabilities in GitLab, a popular open-source developer operations platform.
While GitLab has posted an advisory covering a raft of vulnerabilities, the ACSC is most concerned about CVE-2023-7028, a bug that could lead to an account takeover.
“CVE-2023-7028 allows an account takeover via the ability to have password reset emails delivered to an unauthenticated email address,” the ACSC said in its alert.
The bug affects the following versions of GitLab:
The ACSC recommends that all GitLab users immediately upgrade to the latest patched version via the platform’s internal upgrade path and enable multifactor authentication, which blocks a takeover of an MFA-protected account even after a password reset.
The vulnerability, alongside four others – CVE-2023-5356, CVE-2023-4812, CVE-2023-6955 and CVE-2023-2030 – was reported through GitLab’s bug bounty program, and GitLab says it is so far unaware of the account-takeover bug being exploited in the wild.
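Because GitLab has not seen exploitation in the wild, the useful follow-up for an administrator is to check their own instance’s logs. The following Python is an added example, not code from the article, the ACSC or GitLab. It scans gitlab-rails/production_json.log entries for the indicator GitLab’s advisory for CVE-2023-7028 pointed administrators at: a POST to /users/password whose user[email] parameter arrives as a JSON array rather than a single address, which is how the reset email could be steered to an attacker-controlled mailbox. The log layout assumed here (one JSON object per line with method, path, params as key/value pairs, remote_ip and time) matches that log’s format as I understand it but should be confirmed against your own instance; the sample lines are constructed for the example.

```python
import json

# Constructed sample in the shape of gitlab-rails/production_json.log
# (one JSON object per line). Synthetic data, not captured from a real instance.
SAMPLE_LOG = "\n".join([
    # Normal reset request: a single e-mail string.
    json.dumps({"method": "POST", "path": "/users/password", "status": 302,
                "params": [{"key": "authenticity_token", "value": "[FILTERED]"},
                           {"key": "user", "value": {"email": "alice@example.com"}}],
                "remote_ip": "198.51.100.10", "time": "2024-01-12T09:00:00.000Z"}),
    # Suspicious reset request: the e-mail parameter is an array of addresses.
    json.dumps({"method": "POST", "path": "/users/password", "status": 302,
                "params": [{"key": "authenticity_token", "value": "[FILTERED]"},
                           {"key": "user", "value": {"email": ["bob@example.com",
                                                               "attacker@example.net"]}}],
                "remote_ip": "203.0.113.7", "time": "2024-01-12T09:01:00.000Z"}),
    # Unrelated request on the same controller; must not be flagged.
    json.dumps({"method": "GET", "path": "/users/password/new", "status": 200,
                "params": [], "remote_ip": "198.51.100.10",
                "time": "2024-01-12T09:02:00.000Z"}),
    # Non-JSON junk line, as real logs sometimes contain; must be skipped.
    "this line is not JSON",
])


def reset_request_emails(entry: dict):
    """Return the user[email] value of a POST /users/password entry, else None.

    The value is a str for a normal form submission and a list when the
    request supplied an array of addresses.
    """
    if entry.get("method") != "POST" or entry.get("path") != "/users/password":
        return None
    for param in entry.get("params") or []:
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            return param["value"].get("email")
    return None


def find_suspicious_resets(log_text: str) -> list:
    """Scan log lines and flag password-reset POSTs whose e-mail is an array.

    Each hit records the line number, time, source IP, the addresses seen and
    whether more than one distinct address was supplied (the high-confidence case).
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON objects
        if not isinstance(entry, dict):
            continue
        email = reset_request_emails(entry)
        if isinstance(email, list):
            addresses = [str(a) for a in email]
            hits.append({
                "line": lineno,
                "time": entry.get("time"),
                "remote_ip": entry.get("remote_ip"),
                "emails": addresses,
                "multiple": len(set(addresses)) > 1,
            })
    return hits


if __name__ == "__main__":
    # Usage: replace SAMPLE_LOG with open("production_json.log").read()
    for hit in find_suspicious_resets(SAMPLE_LOG):
        print(hit)
```

Any hit with more than one distinct address is worth treating as an attempted takeover of the first address listed: reset that account’s password, revoke its sessions and tokens, and check whether the extra address belongs to anyone you know.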
GitLab has roughly 30 million registered users, with at least 1 million of them currently active.
GitLab’s security release advisory lists the complete set of vulnerabilities addressed in the patched versions.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.