Overview
- Description
- An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- GitLab Community and Enterprise Editions Improper Access Control Vulnerability
- Exploit added on
- May 1, 2024
- Exploit action due
- May 22, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Social media
- Hype score
- Not currently trending
Great start for new target 馃敟 Started recon on a target, I found a Gitlab subdomain and searched for the revision ID in the page source code. It is vulnerable to CVE-2023-7028 that lets attackers to take over accounts! Time to get some code! 馃槑 #BugBounty #BugBountytips #Hacking
@Verickhack
4 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Great start for new target 馃敟 Started recon on a target, I found a Gitlab subdomain and searched for the revision ID in the page source code. It is vulnerable to CVE-2023-7028 that lets attackers to take over accounts! Time to get some code! 馃槑 #BugBounty #BugBountytips #Hacking
@chux13786509
4 Nov 2024
5232 Impressions
7 Retweets
102 Likes
54 Bookmarks
3 Replies
0 Quotes
GitLab CVE-2023-7028 #cybersecurity https://t.co/aKPJWN7Rfm
@mustyx0x1
31 Oct 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D1D5473-F384-420D-BD91-F2466F2CA278",
"versionEndExcluding": "16.1.6",
"versionStartIncluding": "16.1.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BEF9E84-75C1-41C0-BE14-7F550E2BE932",
"versionEndExcluding": "16.1.6",
"versionStartIncluding": "16.1.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D29FF9D-9113-44A9-99C2-074B1B217B7C",
"versionEndExcluding": "16.2.9",
"versionStartIncluding": "16.2.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEA35F1C-5E02-407B-ADC6-4FDEFF885E59",
"versionEndExcluding": "16.2.9",
"versionStartIncluding": "16.2.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3F039EF-84DD-41B6-AB5D-BF3F44A488C2",
"versionEndExcluding": "16.3.7",
"versionStartIncluding": "16.3.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02C5947D-659A-4AE9-B2C8-08287AC03BF2",
"versionEndExcluding": "16.3.7",
"versionStartIncluding": "16.3.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C89EFE63-81D9-4964-BE91-BF31AA40C165",
"versionEndExcluding": "16.4.5",
"versionStartIncluding": "16.4.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B4C9455-DBA2-480B-8C59-898BC9DB8795",
"versionEndExcluding": "16.4.5",
"versionStartIncluding": "16.4.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1A5DDAD-5B04-4643-8ACD-15D7C6CD76C2",
"versionEndExcluding": "16.5.6",
"versionStartIncluding": "16.5.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24A21A70-46F1-4B28-BECB-4266AABBBD57",
"versionEndExcluding": "16.5.6",
"versionStartIncluding": "16.5.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875",
"versionEndExcluding": "16.6.4",
"versionStartIncluding": "16.6.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7",
"versionEndExcluding": "16.6.4",
"versionStartIncluding": "16.6.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E66EC8A8-E889-450A-86B4-7D930788FF58",
"versionEndExcluding": "16.7.2",
"versionStartIncluding": "16.7.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDBB44E5-7ED3-4C9B-9241-2E6DB79A3E27",
"versionEndExcluding": "16.7.2",
"versionStartIncluding": "16.7.0"
}
],
"operator": "OR"
}
]
}
]