[BCLUG] Maximum-severity GitLab flaw allowing account hijacking under active exploitation

Ron / BCLUG admin at bclug.ca
Thu May 2 16:59:08 EDT 2024


This one looks fun:

> A maximum severity vulnerability that allows hackers to hijack GitLab
> accounts with no user interaction required is now under active
> exploitation, federal government officials warned as data showed that
> thousands of users had yet to install a patch released in January.

https://arstechnica.com/security/2024/05/0-click-gitlab-hijacking-flaw-under-active-exploit-with-thousands-still-unpatched/

 > The vulnerability, tracked as CVE-2023-7028, carries a severity rating
 > of 10 out of 10.


Make sure you're patched if you run GitLab!


rb
-- 
BCLUG.ca
https://bclug.ca

To subscribe, send an email to discuss-join at lists.bclug.ca

List Web site: https://lists.bclug.ca/mailman/listinfo/discuss


More information about the Discuss mailing list