GitLab Patches Critical Password Reset Vulnerability

January 15, 2024 at 07:07AM

A vulnerability in GitLab’s email verification process (CVE-2023-7028, CVSS score 10) allows attackers to hijack the password reset process by sending reset messages to unverified email addresses. This affects GitLab CE/EE versions 16.1 to 16.7.1, with patches released in versions 16.5.6, 16.6.4, and 16.7.2. Users are advised to update instances …

Atlassian Patches Critical Remote Code Execution Vulnerabilities

December 7, 2023 at 05:36AM

Atlassian has issued critical patches for remote code execution vulnerabilities in Confluence and other products to address security flaws.

Takeaways from Meeting:
1. Atlassian has issued patches for several critical-severity remote code execution vulnerabilities.
2. The vulnerabilities affect Confluence and several other Atlassian products.
3. Users are advised to apply …