#gitlabsecurityalert · Public Fediverse posts
Live and recent posts from across the Fediverse tagged #gitlabsecurityalert, aggregated by home.social.
#GitLabSecurityAlert - Multiple Critical Vulnerabilities Patched in GitLab
GitLab has released critical updates (16.7.2, 16.6.4, 16.5.6) addressing several security vulnerabilities, including a critical account takeover flaw and a Slack/Mattermost integration exploit. Users are urged to update immediately.
1. The most severe, CVE-2023-7028, allowed password reset emails to be sent to unverified addresses (CVSS 10.0).
2. CVE-2023-5356 permitted unauthorized execution of slash commands in Slack/Mattermost integrations (CVSS 9.6).
3. CVE-2023-4812 involved bypassing CODEOWNERS approval in merge requests (CVSS 7.6).
4. CVE-2023-6955, a medium severity issue, related to improper access control in GitLab Remote Development (CVSS 6.6).
5. The least critical, CVE-2023-2030, allowed alteration of metadata in signed commits (CVSS 3.5).

Kudos to the security researchers (@asterion04, @yvvdwf, @ali_shehab, @lotsofloops on HackerOne) and GitLab's @j.seto for identifying these issues. Stay secure, folks!
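The practical follow-up to an advisory like this is confirming that every GitLab instance in an estate is on one of the three patched releases named above. The script below is an added example, not code from the post or from GitLab: it parses the version string GitLab returns (the real `GET /api/v4/version` endpoint returns JSON with a `version` key, such as `16.7.1-ee`; the inventory here is a constructed sample shaped like those responses, not live data) and classifies each host as patched, vulnerable, or on a branch the post does not name. The only facts it encodes are the three patched releases from the post; anything on another 16.x branch is reported as needing a check against the full advisory rather than assumed safe or unsafe.

```python
"""Triage GitLab instances against the patched releases named in the advisory.

Added example: not from the post or from GitLab. It encodes only the three
patched releases the post lists (16.7.2, 16.6.4, 16.5.6); other minor branches
are reported as "unknown-branch" so they are checked against the full advisory.
"""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Minimum fixed release per minor branch, exactly as named in the post.
PATCHED_RELEASES: Dict[Tuple[int, int], Version] = {
    (16, 7): (16, 7, 2),
    (16, 6): (16, 6, 4),
    (16, 5): (16, 5, 6),
}

# GitLab version strings look like "16.7.1-ee" or "16.6.4"; the suffix
# (edition or pre-release tag) does not affect the patch-level comparison.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9.]+)?$")


def parse_version(text: str) -> Version:
    """Return (major, minor, patch) from a GitLab version string."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def patch_status(version_text: str) -> str:
    """Classify one version: 'patched', 'vulnerable', or 'unknown-branch'."""
    version = parse_version(version_text)
    fixed = PATCHED_RELEASES.get(version[:2])
    if fixed is None:
        # Branch not covered by the releases the post names; do not guess,
        # compare it against the full vendor advisory instead.
        return "unknown-branch"
    # Tuple comparison orders (major, minor, patch) lexicographically.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: hostname -> body of GET /api/v4/version.
# The hostnames, versions and revisions are made up for this example.
SAMPLE_INVENTORY = {
    "gitlab-prod.example.internal": {"version": "16.7.1-ee", "revision": "0000000"},
    "gitlab-dev.example.internal": {"version": "16.7.2-ee", "revision": "1111111"},
    "gitlab-legacy.example.internal": {"version": "16.5.5", "revision": "2222222"},
    "gitlab-lab.example.internal": {"version": "16.8.0-pre", "revision": "3333333"},
}


def triage(inventory: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map each host to its patch status using the 'version' field."""
    return {host: patch_status(info["version"]) for host, info in inventory.items()}


def hosts_needing_action(inventory: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Everything that is not confirmed patched needs follow-up."""
    return {host: status for host, status in triage(inventory).items()
            if status != "patched"}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:35} {SAMPLE_INVENTORY[host]['version']:12} {status}")
```

Feeding it real data means replacing `SAMPLE_INVENTORY` with the `/api/v4/version` responses collected from each instance; the comparison is deliberately tuple-based rather than string-based so that `16.7.10` is correctly ranked above `16.7.2`.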
Source: GitLab Release Notes
Author: Greg Myers
Tags: #Cybersecurity #Vulnerability #GitLab #CVE2023 #PatchUpdate #InfoSec #HackerOne #DevSecOps