A critical GitLab vulnerability allowing account takeover, tracked as CVE-2023-7028, was disclosed and fixed, earning a CVSS score of 10. The flaw impacts self-managed GitLab instances from versions 16.1 to 16.7. More than 2,100 instances are still vulnerable, and federal agencies have a deadline of May 22 to patch. The flaw underscores the importance of activating MFA.

https://www.scmagazine.com/news/critical-gitlab-account-takeover-flaw-added-to-cisas-kev-catalog