CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability | Cybersecurity

May 02, 2024. Newsroom Vulnerability / Data Breach.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.

Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum-severity vulnerability could facilitate account takeover by causing password reset emails to be sent to an unverified email address.

GitLab, which disclosed details of the shortcoming earlier this January, said it was introduced as part of a code change in version 16.1.0 on May 1, 2023.

“Within these versions, all authentication mechanisms are impacted,” the company noted at the time. “Additionally, users who have two-factor authentication enabled are vulnerable to password reset but not account takeover as their second authentication factor is required to login.”

Successful exploitation of the issue can have serious consequences, as it enables an adversary not only to take control of a GitLab user account, but also to steal sensitive information and credentials and even poison source code repositories with malicious code, leading to supply chain attacks.

“For instance, an attacker…

Source thehackernews.com
