The Human Connection Blog
New Cyber Threat Intelligence Lab release!
BenMcCarthy
Immerser
11 months ago
Today we have a brand new set of labs related to CVE-2023-7028 (GitLab Account Takeover).
On Friday, January 12, 2024, NVD released information on a new vulnerability in GitLab in which an attacker could completely take over a user's account by abusing a logic error in the password reset functionality. Successful exploitation could allow an attacker to access incredibly sensitive data such as code, credential files, and much more, meaning attackers could change the code stored in GitLab to affect publicly released products in a way similar to the SolarWinds hack.
Who's it for?
- SOC Analysts
- Threat Hunters
- Incident Responders
- Penetration Testers
What are the key takeaways?
- Identify the account takeover vulnerability in the GitLab v.16.2.4 server
- Identify evidence of exploitation and the logs left behind from successful exploitation
- Demonstrate the account takeover vulnerability in GitLab v.16.2.4 server
CyberPro licensed users can access the new CTI labs by following the links below.
Updated 11 months ago
Version 2.0