Heads up everyone! 10/10 in GitLab:
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
The vendor strongly recommends updating as soon as possible all vulnerable versions of the DevSecOps platform (manual update required for self-hosted installations) and warns that if there is "no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.”
You must log in or # to comment.
@briankrebs@infosec.exchange
Stick to resd-only for now.
@briankrebs@infosec.exchange Thank you, this was timely and I really appreciate these notices.