Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Nemeski@lemm.ee to Technology@lemmy.world – 353 points –
bleepingcomputer.com
47

You are viewing a single comment

We use gitlab ultimate at my work, I'm the main admin of the instance. Like 2 weeks ago when there was the cvss 10 vuln, gitlab sent us a .patch file to apply to the instance instead of releasing a new minor cause they didn't wanna make the vuln public yet. I guess that's coordinated disclosure, but I still found that remarkably jank.

2 more...