"GitLab Warns of Critical Zero-Click Account Hijacking Vulnerability"

GitLab has addressed two critical vulnerabilities, one of which allows account hijacking with no user interaction. The vendor urges users to update all vulnerable versions of the DevSecOps platform. The most severe vulnerability is an authentication flaw that allows password reset emails to be sent to arbitrary, unverified email addresses, enabling account takeover. Since the platform is commonly used to host proprietary code, Application Programming Interface (API) keys, and other sensitive data, compromising a GitLab account can significantly impact an organization. The article goes on to discuss the potential exploitation and impact of the critical vulnerabilities addressed by GitLab.

Bleeping Computer reports "GitLab Warns of Critical Zero-Click Account Hijacking Vulnerability"

Submitted by grigby1