2018-07-03 21:00:00
hackerone
PUBLISHED
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victims session is compromised.