GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords. The bug (discovered internally and tracked as ...

GitLab releases patch for nine flaws, including two critical severity ones The critical flaws allowed threat actors to bypass authentication and could lead to data exfiltration Patch is available now, ...

GitLab has patched a critical and trivial-to-exploit account takeover bug. The attack vector for CVE-2023-7028 is the password reset function. “User account password reset emails could be delivered to ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

GitLab has released a fix for a newly discovered security flaw, and is urging its users to install immediately as it addresses a high-severity vulnerability that can cause all sorts of trouble. In a ...

Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.

To protect GitLab instances against potential attacks, admins should install available security patches promptly. If this is not done, attackers can exploit seven security vulnerabilities. In a ...