Security news that informs and inspires


4 results for tag Gitlab:

GitLab Patches Critical Account Takeover Flaw

The flaw (CVE-2023-7028) stems from the fact that user account password reset emails can be delivered to unverified email addresses.

Gitlab, Account Takeover

GitLab Patches Critical Account Takeover Flaw

The critical flaw (CVE-2022-1680) can allow for account takeover in impacted installations that have not been upgraded.


GitLab Fixes Critical Account-Takeover Bug

GitLab has patched a critical vulnerability caused by hardcoded passwords in several versions.


Time, Not Money, Kills Bugs

The measure of a bug bounty program's success is not how much researchers were paid, but how the organization handled the volume of new reports. GitLab's James Ritchey shares some of the lessons learned in the company's first year of the public bug bounty program.

Bug Bounty, Gitlab