Users cautioned to promptly patch GitLab vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently added a vulnerability in the GitLab open source platform to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerability, tracked as CVE-2023-7028, was originally disclosed in January and affects GitLab Community and Enterprise Editions. It is an access control vulnerability that allows attackers to trigger a password reset email to an unverified email address, potentially leading to account takeover. CISA has urged users to apply available patches immediately and has required US government bodies to patch the vulnerability by a certain deadline.

The addition of this vulnerability to the catalogue serves as a warning to organizations about the potential impact of new vulnerabilities and the risks posed by cyber criminals. All users of affected GitLab versions should update to the latest security release and consider enabling multi-factor authentication (MFA) and rotating all stored secrets. Despite the patch being available since January, numerous vulnerable GitLab instances remain in various countries. This highlights how challenging patching is for many organizations and the need to prioritize the vulnerabilities that pose the greatest risk.
