![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDeP7gwKmWqGZhuMEeZf-4mkSyiukqWItxQIm7ahS-H4gDilddxygP56bL_s1RvZinYKvnjTdehhi12YDNklSKW3sAbujfhRIekIxvDhdiMA2JCAHeeyuIVMeYB-0wv_wJWXYtu2CpBGDWqqPv4LaQarqB0tkpEEu2G7isz7D_WdIesLZDyutlhN7Gvou/s1600/gitlab.png)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.
Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email
Source: The Hacker News