GitLab has released security updates to address multiple vulnerabilities in the company’s DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. […]
from https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/