Federal frenzy to patch gaping GitLab account takeover hole
May 2, 2024 at 10:25AM

CISA is mandating that federal agencies patch a critical vulnerability in GitLab to prevent active exploitation by attackers. The vulnerability, CVE-2023-7028, allows unauthorized account takeovers and poses a risk of software supply chain attacks. GitLab has released fixed versions, and those with two-factor authentication are safe. Currently, around 2,149 GitLab …