🚨High Risk Vulnerability Alert! 🚨: CVE-2024-4024 An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab. CVSSv3.1 Base Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #gitlab #bitbucket #apisecurity #owasp https://lnkd.in/dr8yXiDh
API ThreatStats’ Post
More Relevant Posts
Vulnerability 02 Critical GitLab vulnerability exposes 2FA-less users to account takeovers. Tracked as CVE-2023-7028, it exploits a change introduced in version 16.1.0 back in May 2023 that allowed users to issue password resets through a secondary email address.
Hi friends, one of my reports submitted in HackerOne is now triaged and the issue related to my report in GitLab is now public. So, you can read it below and find out how I was able to find the bug. I hope this helps someone somehow. ✌️✌️✌️✌️ https://lnkd.in/gvY4giRY #bugbounty #hackerone #gitlab
🚨 High Risk Vulnerability Alert! GitLab EE has a resource exhaustion issue affecting versions from 13.3.0 to 16.8.2. This flaw allows an attacker to exploit the system using GraphQL, leading to potential system instability. CVE-2024-1066. #GitLab #Vulnerability #OWASP #API4 #API7 #CWE400 🚨 https://lnkd.in/enCGjE7e
Congrats to Aditya Sirish A Yelgundhalli and team for their release of GitTuf! The Update Framework (TUF) is an incredibly powerful framework for managing trust policies for software artifacts, and it can now be easily applied at the source code level. We use TUF extensively within Sigstore, and it really is the only framework that works at scale for artifact signing, PKI, and rotation. Excited to see this work continue into different domains. #tuf #updateframework #openssf https://gittuf.github.io/
Excited to share my latest accomplishment in Spring Security! 💻 Just successfully configured Spring Security for version 3.2.4, and it's running seamlessly across all 3.0 versions. 🚀 Tested the code on my system, and it's performing exceptionally well. Stay tuned for more insights as I'll be sharing the configuration details soon. Plus, keep an eye out for my upcoming project on GitHub! 👀 #SpringSecurity #VersionUpgrade #CodePerformance #GitHubProject
🚨Medium Risk Vulnerability🚨 in #gRPC #Go library by #GitHub. Private tokens could appear in logs if context containing gRPC metadata is logged. This is a potential PII concern. The issue is patched in versions 1.64.1 and 1.65.0. #OWASP #APIsecurity #InfoSec https://lnkd.in/eT7_YJu2
NEW FREE RECENT THREAT ROOM - GitLab 👀 Get hold of any GitLab admin/user account using CVE-2023-7028 🕵️♂️ Explore the initial cause 🛡 Exploit the vulnerability 🔥 Implement detection and mitigation https://hubs.la/Q02gMXQc0
TryHackMe offers insightful threat rooms that facilitate a comprehensive understanding of how threat actors can potentially infiltrate your environment. I highly recommend individuals interested in security to leverage these tools!
A Bucket of Monkey...wrenches: researchers game insecurities in the "Secured Variables" function of a version control repository, while the vendor claims it goes against best practice security instructions https://lnkd.in/ec_wnQMQ
Bitbucket artifact files can leak plaintext authentication secrets
bleepingcomputer.com
Top 12 Tips for API Security
- Use HTTPS
- Use OAuth2
- Use WebAuthn
- Use Leveled API Keys
- Authorization
- Rate Limiting
- API Versioning
- Whitelisting
- Check OWASP API Security Risks
- Use API Gateway
- Error Handling
- Input Validation
Credits: ByteByteGo