Critical GitLab account takeover flaw added to CISA’s KEV Catalog

2 May 2024

A critical GitLab vulnerability that could enable account takeover was added to the Cybersecurity & Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, tracked as CVE-2023-7028, enables an attacker to craft a specially formatted HTTP request that causes a password reset email to be sent to an unverified attacker-controlled email address, a GitLab spokesperson previously told SC Media.

Source: SC Magazine

Date:

2 May 2024

Categorie(s):

NEWS

Tag(s):

CISA, GitLab, Open Source, Security Pro, Vulnerability

Restore Damaged Files & Save Your Business for Only $5017 May 2024
Santander Data Breach: Hackers Accessed Company Database17 May 2024
Kroll expands its document review capabilities to accelerate incident response17 May 2024
CISA Warns of Actively Exploited D-Link Router Vulnerabilities – Patch Now17 May 2024
U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers17 May 2024