GitLab Addresses Critical Vulnerability Demanding Immediate Patching

by Richie
01/15/2024
GitLab administrators are urged to promptly apply the latest security patches following the disclosure of a critical account-bypass vulnerability. Tracked as CVE-2023-7028, the vulnerability stems from a change introduced in GitLab version 16.1.0 in May 2023. This change enabled users to issue password resets through a secondary email address, exposing them to potential exploitation.

Exploiting the vulnerability involves using a specially crafted HTTP request to send a password reset email to an attacker-controlled, unverified email address. The account takeover can be completed without user intervention, making users without two-factor authentication (2FA) particularly susceptible.

Users with 2FA enabled are protected from complete account takeover, although a password reset could still be achieved if the attacker also has control of the 2FA authenticator. GitLab supports app-based 2FA and WebAuthn device-based 2FA, which are considered more secure than SMS-based 2FA.

Affected GitLab versions that require immediate patching include:

  • 16.1 to 16.1.5
  • 16.2 to 16.2.8
  • 16.3 to 16.3.6
  • 16.4 to 16.4.4
  • 16.5 to 16.5.5
  • 16.6 to 16.6.3
  • 16.7 to 16.7.1

All authentication mechanisms, including some using single sign-on (SSO), are impacted. For self-managed customers that have an external identity provider configured, GitLab recommends disabling password authentication options to mitigate the vulnerability.

The vulnerability was reported through GitLab’s bug bounty program, and while there is currently no evidence of successful exploitation, wider attempts are anticipated following its public disclosure. Admins are advised to apply patches swiftly, and in the interim, enforcing 2FA for all accounts is recommended as a stop-gap measure to prevent account takeover attempts.

GitLab is actively addressing the situation by adding new tests to validate password reset logic, conducting a root cause analysis, and updating documentation to enhance awareness. A second critical vulnerability, CVE-2023-5356, which allows attackers to execute slash commands in Slack or Mattermost, was also addressed in the same patch round. Other, less severe fixes were introduced to address various issues across GitLab versions.
