RULE(RULE ID:337787)

Rule General Information
Release Date: 2024-01-16
Rule Name: GitLab Arbitrary User Password Reset Vulnerability (CVE-2023-7028)
Severity:
CVE ID: CVE-2023-7028
Rule Protection Details
Description: GitLab is a robust version control and collaboration platform used for managing software development tasks such as code repositories, projects, issue tracking, continuous integration, and deployment. In GitLab CE/EE, there is support for users to reset passwords via a secondary email address. Due to an error in the email verification process, an attacker could send the password reset email to an unverified email address, leading to an account takeover through password reset without requiring user interaction. Enabling two-factor authentication can mitigate this issue. The affected versions include 16.1 to 16.1.6, 16.2 to 16.2.9, 16.3 to 16.3.7, 16.4 to 16.4.5, 16.5 to 16.5.6, 16.6 to 16.6.4, and 16.7 to 16.7.2.
Impact: An attacker could exploit this vulnerability to take over any account.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the security patch.
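A quick way to check an installed GitLab version against the affected ranges listed in the rule description. This is an added example, not code from the rule page or from GitLab; the range table is copied from the description and the version strings it is run on are constructed samples.

```python
# Added example (not from the rule page or GitLab): checks whether a GitLab CE/EE
# version string falls inside the affected ranges the rule lists for CVE-2023-7028.
from __future__ import annotations

# Inclusive (first, last) affected versions, exactly as stated in the rule description.
AFFECTED_RANGES = [
    ("16.1", "16.1.6"),
    ("16.2", "16.2.9"),
    ("16.3", "16.3.7"),
    ("16.4", "16.4.5"),
    ("16.5", "16.5.6"),
    ("16.6", "16.6.4"),
    ("16.7", "16.7.2"),
]


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn '16.5.3', '16.5' or '16.5.3-ee' into a comparable (major, minor, patch) tuple.

    Missing components default to 0, so '16.1' sorts as 16.1.0, the first release of
    the 16.1 series. A trailing edition suffix such as '-ee' is ignored.
    """
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    numbers = [int(p) for p in parts] + [0] * (3 - len(parts))
    return numbers[0], numbers[1], numbers[2]


def is_affected(version: str) -> bool:
    """Return True when the version lies inside any affected range (both ends inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample inputs: two inside a range, one patched, one older than the series.
    for sample in ("16.5.3", "16.7.2-ee", "16.7.3", "16.0.8"):
        status = "AFFECTED" if is_affected(sample) else "not in affected ranges"
        print(f"{sample}: {status}")
```

Versions outside the listed ranges (for example 16.7.3 or anything before 16.1) report as not affected; the table only reflects what the rule description states.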