GitLab warns of critical zero-click account hijacking vulnerability
January 12, 2024 at 02:47PM GitLab has released security updates to address critical vulnerabilities in its Community and Enterprise Edition, including an authentication flaw (CVE-2023-7028) allowing account hijacking and a vulnerability (CVE-2023-5356) enabling the abuse of Slack/Mattermost integrations. The flaws were addressed in GitLab versions 16.7.2, 16.5.6, and 16.6.4, with backported fixes available. For official … Read more