10.0 is mentioned in the blog post - I don't follow CVE nomenclature closely but that's the score, right? And it's as bad as it can get?<p>I assume the CVE website would normally have this info but it's only showing the number as reserved right now.
This fixes an account take over issue <a href="https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/#account-takeover-via-password-reset-without-user-interactions" rel="nofollow">https://about.gitlab.com/releases/2024/01/11/critical-securi...</a>