[GTALUG] Maximum-severity GitLab flaw allowing account hijacking under active exploitation
Ron / BCLUG
admin at bclug.ca
Thu May 2 16:59:08 EDT 2024
This one looks fun:
> A maximum severity vulnerability that allows hackers to hijack GitLab
> accounts with no user interaction required is now under active
> exploitation, federal government officials warned as data showed that
> thousands of users had yet to install a patch released in January.
https://arstechnica.com/security/2024/05/0-click-gitlab-hijacking-flaw-under-active-exploit-with-thousands-still-unpatched/
> The vulnerability, tracked as CVE-2023-7028, carries a severity rating
> of 10 out of 10.
Make sure you're patched if you run GitLab!
rb
--
BCLUG.ca
https://bclug.ca
To subscribe, send an email to discuss-join at lists.bclug.ca
List Web site: https://lists.bclug.ca/mailman/listinfo/discuss
More information about the talk
mailing list