
GitLab Patches High-Severity Account Takeover Vulnerability
GitLab has patched a high-severity cross-site scripting (XSS) vulnerability, CVE-2024-4835, in its VS Code-based Web IDE. An attacker needs no account on the instance to exploit it; what is required is that a logged-in user open attacker-controlled content, after which the injected script runs in the victim's session and can be used to take over the account. Fixed releases are 17.0.1, 16.11.3, and 16.10.6 for both Community Edition and Enterprise Edition, and GitLab urges self-managed administrators to upgrade immediately (GitLab.com already runs the patched code). The same release addresses six medium-severity flaws, including a cross-site request forgery (CSRF) vulnerability and a denial-of-service bug. GitLab instances are high-value targets because they hold source code, CI/CD secrets and deployment credentials, and earlier GitLab vulnerabilities have been exploited in the wild, so the upgrade should not wait for the next maintenance window.
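The check a self-managed administrator actually needs is "is my running version at or above the fixed release for its minor line?". The following is an added example, not GitLab's own code: it compares a version string of the form returned by GitLab's `GET /api/v4/version` endpoint (e.g. `16.11.2-ee`) against the three fixed releases named above. The fixed versions come from the advisory; the rule that minor lines newer than 17.0 carry the fix and that lines older than 16.10 (for which no fixed release is listed) are reported as unpatched is an assumption made here, as is the `check_instance` helper, which needs network access and a personal access token and is not run in the embedded sample.

```python
"""Compare a GitLab version against the fixed releases for CVE-2024-4835.

Added example, not GitLab code. Fixed releases are those named in the
advisory; handling of other minor lines is an assumption (see comments).
"""
import json
import re
import urllib.request
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory, keyed by (major, minor) line.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (17, 0): (17, 0, 1),
    (16, 11): (16, 11, 3),
    (16, 10): (16, 10, 6),
}


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z' with an optional edition suffix ('-ee', '-ce', ...)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: str) -> bool:
    """True if `version` is at or above the fixed release for its line."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED_RELEASES:
        return (major, minor, patch) >= FIXED_RELEASES[line]
    # Assumption: lines released after 17.0 (17.1+) include the fix; lines
    # older than 16.10 have no fixed release listed in the advisory, so they
    # are treated as unpatched (the advisory's lower bound is not given here).
    return line > (17, 0)


def audit(versions) -> Dict[str, str]:
    """Map each version string to 'patched' or 'UNPATCHED' for a report."""
    return {v: ("patched" if is_patched(v) else "UNPATCHED") for v in versions}


def check_instance(base_url: str, token: str) -> Dict[str, str]:
    """Query a live instance (hypothetical helper; needs network + a PAT).

    /api/v4/version requires authentication; the response carries
    {"version": "16.11.2-ee", "revision": "..."}.
    """
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        running = json.load(resp)["version"]
    return {"version": running, "status": audit([running])[running]}


# Constructed sample inputs (not real inventory data).
SAMPLE_VERSIONS = ["17.0.0-ee", "17.0.1-ee", "16.11.2-ce", "16.11.3-ce",
                   "16.10.6", "16.9.8-ee", "17.1.0-ee"]

if __name__ == "__main__":
    for ver, status in audit(SAMPLE_VERSIONS).items():
        print(f"{ver:<12} {status}")
```

Run it against your own inventory by replacing `SAMPLE_VERSIONS` with the output of `check_instance` for each instance; anything reported `UNPATCHED` on a 16.10, 16.11 or 17.0 line should be upgraded to the listed fixed release, and older lines should be moved to a supported line before they can be considered fixed.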