Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

January 25, 2024 at 11:48AM Over 5,000 unpatched GitLab servers are vulnerable to account takeover due to CVE-2023-7028. The flaw, affecting versions 16.1.0 and onwards, allows password reset emails to be sent to unverified addresses, as disclosed by a non-profit group. Patches are available in GitLab versions 16.5.6, 16.6.4, and 16.7.2, with hundreds of vulnerable servers globally. GitLab …

GitLab Patches Critical Password Reset Vulnerability

January 15, 2024 at 07:07AM A vulnerability in GitLab’s email verification process (CVE-2023-7028, CVSS score 10) allows attackers to hijack the password reset process by sending reset messages to unverified email addresses. This affects GitLab CE/EE versions 16.1 to 16.7.1, with patches released in versions 16.5.6, 16.6.4, and 16.7.2. Users are advised to update instances …

How to boost Security with Self-Service Password Resets

November 20, 2023 at 10:47AM Allowing users to reset their own passwords offers multiple benefits, including saving time and money for IT departments, reducing the risk of social engineering attacks, and empowering end-users. One solution is using Microsoft’s Self-Service Password Reset functionality with Azure AD Connect. Another option is Specops uReset, which integrates with Active …