Vulnerabilities in GitLab that allow account takeover and command execution as another user
Corrective updates to the collaborative development platform have been published (GitLab 16.7.2, 16.6.4 and 16.5.6) that fix two critical vulnerabilities. The first vulnerability (CVE-2023-7028), rated at the maximum severity level (10 out of 10), allows an attacker to take over another user's account by manipulating the forgotten-password recovery form. The vulnerability stems from the ability to have an email containing a password reset code sent to unverified […]
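As an added illustration (not GitLab's own code), a simulated reset handler in the weak form described above beside a hardened one. It assumes, following the public GitLab advisory for this CVE, that the form's email parameter could arrive as a list of addresses; the user table and addresses are constructed.

```ruby
# Added example, not GitLab code: simulated password-reset recipient logic.
# A user record carries one verified address; the registry maps address -> user.
User = Struct.new(:username, :verified_email)

# Constructed sample data.
USERS = {
  "alice@example.com" => User.new("alice", "alice@example.com"),
}.freeze

# Weak handler: accepts whatever the form submitted, including a list of
# addresses, and returns every address as a recipient of the reset code.
# The lookup succeeds as long as any entry matches a verified address, so
# the code can also be delivered to an address the account owner never
# verified (the defect class described in the text above).
def weak_reset_recipients(params, users = USERS)
  addresses = Array(params["email"]).map(&:to_s)
  return [] unless addresses.any? { |a| users.key?(a) }
  addresses
end

# Hardened handler: the parameter must be a single string, and the code is
# sent only to the verified address stored on the matching account, never
# to the submitted value itself. Unknown or malformed input yields no mail.
def safe_reset_recipients(params, users = USERS)
  submitted = params["email"]
  return [] unless submitted.is_a?(String)
  user = users[submitted]
  return [] if user.nil?
  [user.verified_email]
end

if __FILE__ == $0
  multi = { "email" => ["alice@example.com", "unverified@example.net"] }
  p weak_reset_recipients(multi)   # both addresses receive the code
  p safe_reset_recipients(multi)   # rejected: []
  p safe_reset_recipients("email" => "alice@example.com")  # ["alice@example.com"]
end
```

Admins triaging logs can apply the same rule in reverse: a reset request whose email parameter is an array with more than one value is the pattern to alert on.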