Security researcher Asterion discovered and reported the vulnerability to GitLab via the HackerOne bug bounty platform.
It first appeared in the May 1, 2023 release of GitLab version 16.1.0.
The vulnerability is a result of a bug in the email verification process.
Within these versions, all authentication mechanisms are impacted.
GitLab also advises users to enable 2FA for all GitLab accounts (and especially for administrator accounts).
source: www.techworm.net