GitLab patches high severity account takeover, missing auth issues
6 Articles
New GitHub Device Code Phishing Attacks Targeting Developers To Steal Tokens - Cybernoz - Cybersecurity News
Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits GitHub’s OAuth2 device authorization flow to compromise developer accounts and steal authentication tokens. This emerging threat represents a significant evolution in social engineering tactics, leveraging legitimate GitHub functionality to bypass traditional security measures and gain unauthorized access to source code repositories, CI/CD pipelines, an…
Patches close several vulnerabilities in GitLab Community Edition and Enterprise Edition. Developers recommend a quick update.
For a service like GitLab, the backup time for repositories is vital to avoid data loss in the event of a problem. Until now, it took more than 48 hours to back up the platform's large repositories. However, as the size of repositories increases, creating reliable backups becomes more and more complex. After a long investigation, the teams identified the problem: "We finally identified the problem as a result of a 15-year-old Git function with an …
Unpatched holes could allow takeover of GitLab accounts
A new vulnerability in GitLab’s Community and Enterprise Editions used for managing source code is “dangerous” and needs to be quickly patched, says an expert. The vulnerability, CVE-2025-5121, is one of 10 described Wednesday by GitLab as it released bug and security fixes for self-managed installations. “We strongly recommend that all self-managed GitLab installations be upgraded to one of these [patched] versions [18.0.2, 17.11.4, 17.10.8] im…
Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services. The new versions—18.0.2, 17.11.4, and 17.10.8 for both Community Edition (CE) and Enterprise Edition (EE)—contain critical fixes, and administrators are strongly advised to upgrade immediately. […] The post Multiple Gi…
Coverage Details
Bias Distribution
- 100% of the sources are Center