CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets.

Tracked as CVE-2023-7028, the security flaw is due to an improper access control weakness that can allow remote unauthenticated threat actors to send password reset emails to email accounts under their control to change the password and hijack targeted accounts without user interaction.