<\/gwmw><\/figcaption><\/figure> In early May, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via password reset. The flaw can be exploited to hijack an account without any user interaction.
Pierluigi Paganini
(SecurityAffairs – hacking, XSS)