ZDNet

GitLab fixes security issue that let anyone hijack custom domains

A security researcher hijacked hundreds of GitLab domains in just a few seconds by exploiting a weakness in how the company handles domain verification -- a security issue that the company has now ...
Bleeping Computer

GitLab patches high severity account takeover, missing auth issues

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in ...
Bleeping Computer

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. GitLab is a popular web-based ...