CVE-2023-7028

GitLab has released a security update that fixes two critical vulnerabilities, one of which (CVE-2023-7028) allows an attacker to exploit a flaw in the mailbox authentication process to hijack a user account by sending a password reset email to an unauthenticated mailbox. The vulnerability affects multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE).GitLab has released a fix and advises users to upgrade to the fixed version as soon as possible and enable dual authentication for added security.