GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. The bug (discovered internally and tracked as ...

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

GitLab releases patch for nine flaws, including two critical severity ones The critical flaws allowed threat actors to bypass authentication and could lead to data exfiltration Patch is available now, ...

GitLab has patched a critical and trivial-to-exploit account takeover bug. The attack vector for CVE-2023-7028 is the password reset function. “User account password reset emails could be delivered to ...

To protect GitLab instances against potential attacks, admins should install available security patches promptly. If this is not done, attackers can exploit seven security vulnerabilities. In a ...