"High-Severity GitLab Flaw Lets Attackers Take over Accounts"
"High-Severity GitLab Flaw Lets Attackers Take over Accounts"
GitLab fixed a high-severity vulnerability that enables unauthenticated attackers to hijack user accounts through Cross-Site Scripting (XSS) attacks. The vulnerability is an XSS flaw in the VS Code editor (Web IDE) that allows threat actors to steal restricted information through maliciously crafted pages. Although the flaw can be exploited without authentication, user interaction is still required, which increases attack complexity.