●● IRC: #techbytes @ Techrights IRC Network: Saturday, January 27, 2024 ●●
● Jan 27
[04:23] *u-amarsh04 has quit (Ping timeout: 2m30s)
[04:47] *gnulinuxuser (~monkeybusiness@m5q38i7r34uc6.irc) has joined #techbytes
● Jan 27
[06:36] *u-amarsh04 (~amarsh04@dc77dxzcmjmaq.irc) has joined #techbytes
● Jan 27
[08:07] schestowitz[TR] YottaDB processes can opt to share their operational database statistics. If at process startup, the environment variable ydb_statshare is 1. Optionally, the environment variable ydb_statsdir can be set to a temporary directory for sharing and monitoring.
[08:56] schestowitz[TR] Tracked as CVE-2023-7028 (CVSS score of 10), the issue allows attackers to have password reset messages sent to unverified email addresses under their control, potentially leading to account takeover.
[08:56] schestowitz[TR] The flaw was introduced in GitLab 16.1.0, when a new option was added to allow users to have password reset messages sent to a secondary email address and allowed for these messages to be sent to unverified addresses.