CISA warns of active exploitation of severe GitLab password reset vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical flaw in GitLab, tracked as CVE-2023-7028, that allows account takeover by having a password reset email sent to an unverified, attacker-controlled address. It affects all authentication mechanisms in versions before 16.5.6; per GitLab's own advisory, accounts with two-factor authentication enabled can still have their password reset but cannot be logged into without the second factor. The vulnerability is actively exploited in the wild and poses grave risks such as unauthorized access, data theft, and supply chain attacks. Mitiga highlights the potential malicious outcomes of the exploit and stresses the importance of updating to a patched release such as 16.5.6. Federal agencies are urged to apply the fix by May 22, 2024, to keep their networks secure.
https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html
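As an added example (not code from the article, Mitiga, or GitLab), the two checks a GitLab administrator would want after reading this: a version test against the fixed releases GitLab published for CVE-2023-7028, and a sweep of gitlab-rails/production_json.log for password-reset requests that submit more than one email address, which is the indicator GitLab's advisory recommends hunting for. The log lines below are constructed, the exact JSON layout of the params field is assumed to match the advisory's description (params.value.email as an array), and the function names are illustrative.

```python
import json

# Fixed releases per GitLab's advisory for CVE-2023-7028; 16.1.0 was the first
# affected release and every branch from 16.8 onward shipped with the fix.
FIXED_RELEASES = {
    (16, 1): (16, 1, 6), (16, 2): (16, 2, 9), (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5), (16, 5): (16, 5, 6), (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}
FIRST_AFFECTED = (16, 1, 0)


def parse_version(version: str) -> tuple:
    """Turn '16.5.5-ee' or '16.6.0' into a comparable (major, minor, patch) tuple."""
    core = version.split("-")[0]
    return tuple(int(part) for part in core.split(".")[:3])


def is_vulnerable(version: str) -> bool:
    """True when the installed release predates the fix for its branch."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        return False  # 16.8+ branches were released after the fix
    return v < fixed


# Constructed sample in the shape of gitlab-rails/production_json.log, trimmed
# to the fields the check needs (real entries carry many more). The first line
# models the advisory's indicator: one reset request carrying two addresses.
SAMPLE_LOG = """
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["victim@example.com","attacker@example.net"]}}],"remote_ip":"203.0.113.7","time":"2024-01-12T10:01:02.000Z"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":"legit@example.com"}}],"remote_ip":"198.51.100.4","time":"2024-01-12T10:05:00.000Z"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["solo@example.com"]}}],"remote_ip":"198.51.100.9","time":"2024-01-12T10:06:00.000Z"}
{"method":"GET","path":"/users/sign_in","params":[],"remote_ip":"198.51.100.4","time":"2024-01-12T10:07:00.000Z"}
this line is deliberate noise and is not JSON
"""


def reset_emails(entry: dict) -> list:
    """Return the email value(s) submitted with a reset request, always as a list."""
    for param in entry.get("params", []):
        value = param.get("value")
        if isinstance(value, dict) and "email" in value:
            email = value["email"]
            return list(email) if isinstance(email, list) else [email]
    return []


def suspicious_resets(log_text: str) -> list:
    """Flag POST /users/password requests whose email parameter holds more than one address."""
    findings = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip unparsable noise instead of aborting the whole sweep
        if entry.get("method") != "POST" or entry.get("path") != "/users/password":
            continue
        emails = reset_emails(entry)
        if len(emails) > 1:
            findings.append({
                "time": entry.get("time"),
                "remote_ip": entry.get("remote_ip"),
                "emails": emails,
            })
    return findings


if __name__ == "__main__":
    for ver in ("16.5.5-ee", "16.5.6", "16.6.0", "16.0.8", "16.8.0"):
        print(ver, "vulnerable" if is_vulnerable(ver) else "patched or unaffected")
    for hit in suspicious_resets(SAMPLE_LOG):
        print("multi-address reset:", hit)
```

A single-address reset, even one sent as a one-element array, is ordinary user behaviour and is not flagged; only a request carrying two or more addresses matches the advisory's indicator, and the remote IP and timestamp of each hit are kept so they can be correlated with the audit log and with the affected account's subsequent logins.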