https://community.isc2.org/t5/Threats/More-Than-5-000-GitLab-Instances-Still-Vulnerable-to-Password/m-p/66727#M1060 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;Thank you for contributing your thoughts.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Jan 2024 00:59:13 GMT Kyaw_Myo_Oo 2024-01-30T00:59:13Z https://community.isc2.org/t5/Threats/More-Than-5-000-GitLab-Instances-Still-Vulnerable-to-Password/m-p/66645#M1054 <P>Dear all,</P><P>&nbsp;</P><P><SPAN>A critical vulnerability in GitLab disclosed earlier this month allows account takeovers without user interaction. GitLab released Critical Security Release: 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to address the vulnerability and four others. As of Tuesday, January 23, more than 5,300 GitLab instances remain unpatched, according to data from the Shadowserver Foundation.</SPAN></P><P>&nbsp;</P><P><SPAN><A href="https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/?is=2e17210a000df3b23714ee0b7fabf90d53a139a7fd871f741a8f77fe7ad94a1a" target="_blank">https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/?is=2e17210a000df3b23714ee0b7fabf90d53a139a7fd871f741a8f77fe7ad94a1a</A></SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sat, 27 Jan 2024 14:11:53 GMT https://community.isc2.org/t5/Threats/More-Than-5-000-GitLab-Instances-Still-Vulnerable-to-Password/m-p/66645#M1054 Kyaw_Myo_Oo 2024-01-27T14:11:53Z https://community.isc2.org/t5/Threats/More-Than-5-000-GitLab-Instances-Still-Vulnerable-to-Password/m-p/66659#M1055 You know I think this isn’t lazy to patch, it’s just a bunch of really smart administrators outsourcing the awful chore of password management… Sat, 27 Jan 2024 22:36:16 GMT https://community.isc2.org/t5/Threats/More-Than-5-000-GitLab-Instances-Still-Vulnerable-to-Password/m-p/66659#M1055 Early_Adopter 2024-01-27T22:36:16Z https://community.isc2.org/t5/Threats/More-Than-5-000-GitLab-Instances-Still-Vulnerable-to-Password/m-p/66727#M1060 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;Thank you for contributing your thoughts.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Jan 2024 00:59:13 GMT https://community.isc2.org/t5/Threats/More-Than-5-000-GitLab-Instances-Still-Vulnerable-to-Password/m-p/66727#M1060 Kyaw_Myo_Oo 2024-01-30T00:59:13Z