
Over 5,300 GitLab servers exposed to zero-click account takeover, BC reports

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month, Bleeping Computer’s Bill Toulas reports. The critical flaw allows attackers to send password reset emails for a targeted account to an attacker-controlled email address, which lets the threat actor change the password and take over the account. Although the flaw does not bypass two-factor authentication, it is a significant risk for any account not protected by this extra security mechanism, the author writes.

Published first on TheFly.
