5379 GitLab Servers are Vulnerable to Zero-Click Account Takeover Attacks
Posted: Wed Dec 18, 2024 11:46 am
GitLab has released important security fixes in versions 16.7.2, 16.6.4, and 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). The fixes address multiple bugs, including a critical account takeover vulnerability that does not require user interaction.
Other fixes address an approval and removal bypass from CODEOWNERS, execution of slash commands by abusing Slack/Mattermost integrations, new workspace creation under different root namespaces, and commit signature validation being ignored.
https://cybersecuritynews.com/5379-gitlab-servers/
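As an added example (not from the article above, and not GitLab's own code), here is a small check that maps the version string reported by an instance against the three fixed releases named in the post: 16.7.2, 16.6.4 and 16.5.6. The real GitLab REST endpoint GET /api/v4/version returns JSON of the form {"version": "16.7.1-ee", "revision": "..."} for an authenticated user; the sample payloads below are constructed, not captured. The code assumes that any branch newer than 16.7 carries the fix, and it conservatively flags older branches for which the post lists no fixed release; both are assumptions, not statements from the article.

```python
"""Check a GitLab version string against the fixed releases named in the post.

Added example, not GitLab's code. Feed it the "version" field from
GET /api/v4/version, or pass version strings on the command line.
"""
import re
import sys

# Fixed releases named in the post, keyed by (major, minor) release branch.
FIXED_RELEASES = {
    (16, 7): (16, 7, 2),
    (16, 6): (16, 6, 4),
    (16, 5): (16, 5, 6),
}
NEWEST_FIXED_BRANCH = max(FIXED_RELEASES)

# GitLab reports versions like "16.7.1-ee", "16.7.2" or "16.8.0-pre".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-.*)?$")


def parse_version(text):
    """Return (major, minor, patch) for a GitLab version string, ignoring -ee/-pre suffixes."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_from_api(payload):
    """Extract the version string from a decoded /api/v4/version response."""
    return payload["version"]


def is_patched(text):
    """True if the version is at or above the fixed release for its branch."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_RELEASES:
        return version >= FIXED_RELEASES[branch]
    if branch > NEWEST_FIXED_BRANCH:
        # Assumption: branches released after 16.7 already include the fix.
        return True
    # Older branch with no fixed release listed in the post: treat as unpatched
    # until confirmed elsewhere (conservative assumption).
    return False


def report(versions):
    """Map each version string to a human-readable verdict."""
    verdicts = {}
    for v in versions:
        try:
            verdicts[v] = "patched" if is_patched(v) else "UNPATCHED - upgrade"
        except ValueError as exc:
            verdicts[v] = f"unparseable ({exc})"
    return verdicts


# Constructed sample payloads in the shape /api/v4/version returns.
SAMPLE_PAYLOADS = [
    {"version": "16.7.1-ee", "revision": "0000000"},
    {"version": "16.7.2-ee", "revision": "0000000"},
    {"version": "16.6.3", "revision": "0000000"},
    {"version": "16.5.6", "revision": "0000000"},
    {"version": "16.8.0-pre", "revision": "0000000"},
    {"version": "16.4.3", "revision": "0000000"},
]

if __name__ == "__main__":
    versions = sys.argv[1:] or [version_from_api(p) for p in SAMPLE_PAYLOADS]
    for version, verdict in report(versions).items():
        print(f"{version:<12} {verdict}")
```

Run it with no arguments to see the constructed samples, or pass the "version" value your instance reports, e.g. python check_gitlab_version.py 16.7.1-ee. A suffix such as -ee or -pre is stripped before comparison, so Enterprise and Community builds are handled the same way.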