Ars Technica

Maximum-severity GitLab flaw allowing account hijacking under active exploitation

A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government ...
Bleeping Computer

GitLab security update fixes critical account take over flaw

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover. GitLab is ...
Dark Reading

Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

A critical security vulnerability in GitLab is under active attack, according to CISA. It allows bad actors to send password reset emails for any account to an email address of their choice, thus ...
Bleeping Computer

High-severity GitLab flaw lets attackers take over accounts

GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. The security flaw (tracked as CVE-2024-4835) ...
Seeking Alpha

Over 5,300 GitLab servers vulnerable to zero-click account takeover flaw - Bleeping Computer

More than 5,300 internet-exposed GitLab (NASDAQ:GTLB) servers are at risk to CVE-2023-7028, a zero-click account takeover flaw the company had warned about earlier, technology news site Bleeping ...