Gitlab · Gitlab · CVE-2023-7028
**Name of the Vulnerable Software and Affected Versions**
GitLab versions 16.1 through 16.7.1
**Description**
The flaw lets an attacker supply a secondary email address in a password reset request, so the reset email is delivered to that address and the account can be taken over without any interaction from its owner. It affects both GitLab Community Edition (CE) and Enterprise Edition (EE) and carries the maximum severity score. Over 5,300 internet-exposed GitLab instances are vulnerable to it. Exploitation works because the password reset email is sent to an unverified email address, which lets the attacker complete the reset and take over the account. Two-factor authentication blocks the account takeover, but it does not stop the password itself from being reset.
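To make the failure mode concrete, here is an added example, not code from GitLab or from this advisory, of a minimal password-reset request handler in the flawed shape described above beside a hardened version. The account store, the form field name `email`, the function names and the idea that the reset form accepts a multi-valued email field are all assumptions made for illustration, not a description of GitLab's implementation.

```python
"""Added example (hypothetical, not GitLab code): a password-reset handler in
the flawed pattern described in the advisory, beside a hardened version.

Assumptions (not from the advisory): accounts live in an in-memory dict keyed
by primary email; the request arrives as a parsed form dict whose reset field
is called "email"; the outbox is a list of (address, token) pairs that a real
system would hand to its mailer. All names here are hypothetical.
"""
from dataclasses import dataclass, field
import secrets


@dataclass
class Account:
    primary_email: str
    verified_emails: set = field(default_factory=set)


# Constructed sample data: one account with a single verified address.
ACCOUNTS = {
    "alice@example.org": Account("alice@example.org", {"alice@example.org"}),
}


def _as_list(value):
    """Flawed helper: silently accepts either one address or a list of them."""
    return value if isinstance(value, list) else [value]


def vulnerable_reset(form, outbox):
    """Flawed pattern: look the account up by the first address supplied and
    mail the reset token to EVERY address supplied, verified or not.
    """
    emails = _as_list(form.get("email"))
    account = ACCOUNTS.get(emails[0].lower())
    if account is None:
        return "no account"
    token = secrets.token_urlsafe(32)
    for addr in emails:  # defect: an unverified secondary address gets the token
        outbox.append((addr, token))
    return "sent"


def hardened_reset(form, outbox):
    """Hardened version:
    1. refuse multi-valued input instead of quietly taking the first entry;
    2. resolve the account from the single supplied address;
    3. deliver the token only to an address verified on that account;
    4. answer identically whether or not the account exists (no enumeration).
    """
    raw = form.get("email")
    if not isinstance(raw, str):
        return "rejected"
    email = raw.strip().lower()
    account = ACCOUNTS.get(email)
    if account is not None and email in account.verified_emails:
        token = secrets.token_urlsafe(32)
        outbox.append((email, token))
    return "ok"
```

The hardened handler treats the reset token as a credential: it may only travel to an address the account owner has already proven control of, and the request shape is validated before any lookup happens rather than being coerced into something usable.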
**Recommendations**
For GitLab versions 16.1 through 16.7.1, update to the latest patched version, such as 16.7.2, 16.6.4, or 16.5.6, to prevent account takeover via password reset.
Enable two-factor authentication as an additional layer of protection, so that the account cannot be taken over even if its password is reset.
As a temporary workaround, consider restricting access to the password reset feature until a patch is applied.
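Alongside patching, an operator will want to check whether the reset endpoint was hit with more than one email address before the fix landed. The following is an added example, not part of this advisory or of GitLab, that scans a JSON-lines request log for that pattern. The log layout (one JSON object per line with `method`, `path`, `remote_ip` and a `params` list of key/value pairs), the reset path `/users/password` and the sample lines themselves are assumptions constructed for the example.

```python
"""Added example (hypothetical, not GitLab tooling): find password-reset
requests in a JSON request log that carried more than one email address.

Assumptions: one JSON object per line with "method", "path", "remote_ip" and
"params" (a list of {"key": ..., "value": ...} pairs); the reset endpoint is
POST /users/password. The sample lines below are constructed, not real traffic.
"""
import json

RESET_PATH = "/users/password"  # assumed reset endpoint

# Constructed sample log: line 2 is the suspicious one (two addresses).
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","remote_ip":"203.0.113.10","params":[{"key":"user","value":{"email":"alice@example.org"}}]}
{"method":"POST","path":"/users/password","remote_ip":"203.0.113.77","params":[{"key":"user","value":{"email":["alice@example.org","unverified@example.net"]}}]}
{"method":"GET","path":"/users/sign_in","remote_ip":"203.0.113.10","params":[]}
{"method":"POST","path":"/users/password","remote_ip":"203.0.113.78","params":[{"key":"user","value":{"email":"bob@example.org"}}]}
"""


def _reset_emails(entry):
    """Return every email value in a reset request, whether scalar or list."""
    for param in entry.get("params", []):
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            value = param["value"].get("email")
            if value is None:
                return []
            return value if isinstance(value, list) else [value]
    return []


def find_multi_email_resets(log_text):
    """Return one hit per reset request that supplied more than one address.

    Each hit records the line number, the client IP and the addresses seen,
    which is what an incident responder needs to decide whose password
    resets to invalidate and which sessions to revoke.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if entry.get("method") != "POST" or entry.get("path") != RESET_PATH:
            continue
        emails = _reset_emails(entry)
        if len(emails) > 1:
            hits.append({
                "line": lineno,
                "remote_ip": entry.get("remote_ip"),
                "emails": emails,
            })
    return hits


if __name__ == "__main__":
    for hit in find_multi_email_resets(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['remote_ip']} -> {hit['emails']}")
```

A legitimate reset request carries exactly one address, so any hit is worth treating as a possible takeover attempt: reset the affected account's credentials, revoke its sessions and tokens, and review what that client IP did afterwards.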