"5,379 Gitlab Servers Vulnerable to Zero-Click Account Takeover Attacks"

Thousands of GitLab servers are vulnerable to zero-click Account Takeover (ATO) attacks that exploit a critical vulnerability. GitLab recently released security updates to address two critical vulnerabilities affecting both the Community Edition and the Enterprise Edition. The more severe of the two, tracked as CVE-2023-7028 with a CVSS score of 10, enables ATO via the password reset flow. Threat actors can use the flaw to hijack an account without any user interaction. Most of the vulnerable servers are in the US (964), Germany (730), and Russia (721). This article continues to discuss the exposure of thousands of GitLab servers to zero-click ATO attacks.

Security Affairs reports "5,379 Gitlab Servers Vulnerable to Zero-Click Account Takeover Attacks"

Submitted by grigby1

Submitted by Gregory Rigby on