The flaw (CVE-2023-7028) stems from the fact that user account password reset emails can be delivered to unverified email addresses.
The critical flaw (CVE-2022-1680) can allow for account takeover in impacted installations that have not been upgraded.
GitLab has patched a critical vulnerability caused by hardcoded passwords in several versions.
The measure of a bug bounty program's success is not how much researchers were paid, but how the organization handled the volume of new reports. GitLab's James Ritchey shares some of the lessons learned in the first year of the company's public bug bounty program.