
Maximum-Severity GitLab Flaw Allowing Account Hijacking Under Active Exploitation


Dan Goodin reports via Ars Technica: A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in J...

With the ability to access them and surreptitiously introduce changes, attackers could sabotage projects or plant backdoors that could infect anyone using software built in the compromised environment. By hacking a single, carefully selected target, attackers gain the means to infect thousands of downstream users, often without requiring them to take any action at all. According to Internet scans performed by security organization Shadowserver, more than 2,100 IP addresses showed they were hosting one or more vulnerable GitLab instances.
