by sarki_247 885 days ago
(GitLab Team member here) You can learn more about the disclosure from GitLab, the security releases made and the recommended actions at https://about.gitlab.com/releases/2024/01/11/critical-securi...

How does the attacker introduce the controlled email as secondary email of the user they want to take over?
Am I missing something or does the security release recommend updating to the latest version without saying what that latest version is (at time of writing)?

Come to think of it, how can you find what version of GitLab is being run? (through the web interface on a CE instance)

It says it three times in the first three sections.

For example

> Today we are releasing versions 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).

> how can you find what version of GitLab is being run? (through the web interface on a CE instance)

It's up the top at gitlab.example.com/help