
GitLab Patches Critical Password Reset Vulnerability

Posted: Tue Jan 16, 2024 11:46 am
by rbc
A vulnerability in GitLab’s email verification process could allow attackers to hijack the password reset process.

The issue, tracked as CVE-2023-7028 (CVSS score of 10) and introduced in GitLab 16.1.0, can be exploited to have password reset messages sent to an unverified email address.

GitLab 16.1.0 was released with the option to have password reset emails sent to a secondary email address, to prevent cases where users could not reset their passwords because they did not have access to the primary email inbox.
[...]
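The defensive property the quoted article describes is simple to state: a password reset message should only ever go to an address that is both registered on the account being reset and already verified. The following is an added illustration of that check, written for this page; it is not GitLab's code and does not model how the GitLab bug itself was triggered. The `Account` and `EmailAddress` classes and the sample addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Dict


@dataclass
class EmailAddress:
    # Hypothetical model of an address attached to an account.
    address: str
    verified: bool  # True only after the user proved control of the inbox


@dataclass
class Account:
    # Hypothetical account record; index 0 is treated as the primary address.
    username: str
    emails: List[EmailAddress]


def _normalize(addr: str) -> str:
    # Compare addresses case-insensitively and ignore surrounding whitespace so
    # that "Alice@Example.com " and "alice@example.com" are the same recipient.
    return addr.strip().lower()


def reset_recipients(account: Account, requested: List[str]) -> Dict[str, List[str]]:
    """Decide where a password reset token may be mailed.

    Returns {"send": [...], "rejected": [...]}.  An address is accepted only if
    it is registered on *this* account AND has completed verification.  Every
    other requested address (unverified secondary, not on the account at all,
    duplicates) is placed in "rejected" so the caller can log it.
    """
    allowed = {_normalize(e.address) for e in account.emails if e.verified}
    send: List[str] = []
    rejected: List[str] = []
    for raw in requested:
        addr = _normalize(raw)
        if addr in allowed and addr not in send:
            send.append(addr)
        else:
            rejected.append(addr)
    return {"send": send, "rejected": rejected}


def audit_line(account: Account, decision: Dict[str, List[str]]) -> str:
    """Produce a one-line audit record for the reset request.

    A non-empty "rejected" list on a reset request is worth alerting on: it
    means someone asked for a token to be delivered somewhere the account
    owner never verified.
    """
    return (
        f"password_reset user={account.username} "
        f"sent_to={','.join(decision['send']) or '-'} "
        f"rejected={','.join(decision['rejected']) or '-'}"
    )


if __name__ == "__main__":
    # Constructed sample account: one verified primary, one unverified secondary,
    # one verified secondary.
    alice = Account(
        "alice",
        [
            EmailAddress("alice@example.com", True),
            EmailAddress("alice.backup@example.net", False),
            EmailAddress("alice.work@example.org", True),
        ],
    )
    # A request naming the verified primary plus an address not on the account.
    decision = reset_recipients(alice, ["alice@example.com", "someone-else@example.com"])
    print(audit_line(alice, decision))
```

The point of splitting the result into `send` and `rejected` rather than silently filtering is detection: a reset request that names an address the account never verified is exactly the event a defender wants in the logs.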