GitLab Releases Security Updates to Address Critical Vulnerabilities
ICARO Media Group
GitLab, a leading DevSecOps platform, has issued security updates to address two critical vulnerabilities, one of which could allow attackers to take over user accounts without any user interaction. The flaw, tracked as CVE-2023-7028, has been assigned a maximum severity rating of 10.0 on the CVSS scoring system.
The vulnerability was introduced alongside a feature that lets users reset their password through a secondary email address. Because of a bug in the email verification step, a password reset email could be sent to an unverified, attacker-controlled address, giving the attacker a valid reset link for the victim's account. It affects self-managed GitLab Community Edition (CE) and Enterprise Edition (EE) in the following version ranges: 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2.
GitLab addressed the issue in versions 16.5.6, 16.6.4, and 16.7.2, and backported the fix to versions 16.1.6, 16.2.9, 16.3.7, and 16.4.5. The bug was introduced on May 1, 2023, with version 16.1.0; releases before 16.1.0 are not affected, and GitLab.com was already running the patched version when the advisory was published.
The company emphasized that all authentication mechanisms are impacted within the affected versions. Users with two-factor authentication enabled are still exposed to the unauthorized password reset, but not to full account takeover, because the second factor is still required to log in after the password has been changed.
In addition to the account takeover vulnerability, GitLab has addressed another critical flaw, CVE-2023-5356, with a CVSS score of 9.6. Incorrect authorization checks allow a user to abuse the Slack and Mattermost integrations to execute slash commands as another user. It is fixed in the same releases.
To mitigate potential threats, GitLab advises administrators to upgrade their self-managed instances to a patched version as soon as possible. Enabling two-factor authentication (2FA) is also strongly recommended, especially for users with elevated privileges, since it blocks the login step of the takeover even where the password reset itself succeeds.
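The two questions an administrator has after reading the above are "is my version in an affected range?" and "has anyone already sent a multi-address reset request against my instance?". The script below is an added example written for this article, not GitLab's own tooling. The version ranges are the ones the advisory lists; the log check is a heuristic derived from the flaw as described (a reset request carrying more than one email address). The log line shape, field names (`method`, `path`, `params`, `remote_ip`, `time`) and the sample entries are constructed assumptions about what a `gitlab-rails/production_json.log` entry looks like, and should be checked against a real log before relying on the parser.

```python
import json
from typing import Iterable, List, Optional, Tuple

# Fixed patch level per affected minor release, taken from the advisory.
# A version is affected if it is >= 16.1.0 and below the fix for its minor.
FIXED_PATCH = {
    (16, 1): (16, 1, 6),
    (16, 2): (16, 2, 9),
    (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5),
    (16, 5): (16, 5, 6),
    (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}

FIRST_VULNERABLE = (16, 1, 0)  # feature (and bug) introduced here


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse '16.7.1' or '16.7.1-ee' into a comparable (major, minor, patch)."""
    core = version.strip().split("-")[0]          # drop '-ee' / '-ce' suffix
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if a self-managed GitLab at `version` lacks the CVE-2023-7028 fix."""
    major, minor, patch = parse_version(version)
    if (major, minor, patch) < FIRST_VULNERABLE:
        return False
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Every minor from 16.1 to 16.7 is in the table; anything newer
        # already ships the fix.
        return False
    return (major, minor, patch) < fixed


def suspicious_reset_requests(log_lines: Iterable[str]) -> List[dict]:
    """Return password reset requests whose `user[email]` is a list of 2+ addresses.

    Assumed log shape (constructed, verify against a real production_json.log):
    {"method":"POST","path":"/users/password","params":[{"key":"user",
     "value":{"email":[...]}}],"remote_ip":"...","time":"..."}
    """
    hits = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON noise is skipped, not fatal
        if entry.get("method") != "POST" or entry.get("path") != "/users/password":
            continue
        for param in entry.get("params", []):
            if param.get("key") != "user" or not isinstance(param.get("value"), dict):
                continue
            email = param["value"].get("email")
            if isinstance(email, list) and len(email) > 1:
                hits.append({
                    "time": entry.get("time"),
                    "remote_ip": entry.get("remote_ip"),
                    "emails": email,
                })
    return hits


# Constructed sample log lines: one benign reset, one multi-address reset,
# one unrelated request, and one garbage line.
SAMPLE_LOG = [
    '{"method":"POST","path":"/users/password","params":[{"key":"user",'
    '"value":{"email":"alice@example.org"}}],"remote_ip":"198.51.100.7",'
    '"time":"2024-01-12T09:14:02.000Z"}',
    '{"method":"POST","path":"/users/password","params":[{"key":"user",'
    '"value":{"email":["victim@example.org","attacker@example.net"]}}],'
    '"remote_ip":"203.0.113.44","time":"2024-01-12T09:20:11.000Z"}',
    '{"method":"GET","path":"/users/sign_in","params":[],'
    '"remote_ip":"198.51.100.8","time":"2024-01-12T09:21:00.000Z"}',
    'not json at all',
]

if __name__ == "__main__":
    for v in ("16.0.8", "16.1.5", "16.1.6-ee", "16.7.1", "16.7.2", "16.8.0"):
        print(f"{v:>10}: {'AFFECTED' if is_affected(v) else 'patched'}")
    for hit in suspicious_reset_requests(SAMPLE_LOG):
        print("suspicious reset:", hit)
```

Run it against the real file with `suspicious_reset_requests(open("/var/log/gitlab/gitlab-rails/production_json.log"))` after confirming the field names match; any hit means the instance should be treated as potentially compromised, and the user named in the first address should have their password and sessions reset regardless of the upgrade.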
Maintaining updated software and security measures is essential to protect organizations and users from potential exploits. GitLab's quick response in releasing patches underscores their commitment to maintaining a secure platform, safeguarding users and their valuable data.