Email Password Reset Vulnerability Affects GitLab Versions

CVE-2023-7028

10CRITICAL

Key Information

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 12 January 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC🟣 EPSS 95%📰 News Worthy

Summary

A critical vulnerability, CVE-2023-7028, has been discovered in GitLab versions 16.1 to 16.7, which allows for password reset emails to be delivered to unverified email addresses, potentially leading to account takeovers. While there have been no known exploits or ransomware attacks as a result of this vulnerability, GitLab has released security updates to address this and other critical vulnerabilities affecting their Community Edition and Enterprise Edition. Users and administrators of affected product versions are strongly advised to upgrade to the latest versions immediately, with additional security measures being implemented to protect customers.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-7028 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

GitLab < 16.1.6

GitLab < 16.2.9

GitLab < 16.3.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-7028
Created by Vozec

CVE-2023-7028
Created by RandomRobbieBF

gitlab_honeypot
Created by Esonhugh

News Articles

BleepingComputer

CVE-2023-7028

GitLab: Critical bug lets attackers run pipelines as other users

GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.

4 months ago

SC Media

CVE-2023-7028

CISA: Immediate GitLab account takeover flaw remediation crucial amid attacks

Ongoing intrusions targeting GitLab instances impacted by the maximum severity account takeover vulnerability, tracked as CVE-2023-7028, have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged t...

5 months ago

BleepingComputer

CVE-2023-7028

High-severity GitLab flaw lets attackers take over accounts

GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.

6 months ago

EPSS Score

95% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit exists.
Oct 4, 2024
Risk change from: 9.8 to: 10 - (CRITICAL)
Sep 18, 2024
Risk change from: 7.5 to: 10 - (CRITICAL)
Aug 29, 2024
Risk change from: 7.5 to: 10 - (CRITICAL)
Aug 19, 2024
Risk change from: 7.5 to: 10 - (CRITICAL)
Jul 25, 2024
Risk change from: 7.5 to: 10 - (CRITICAL)
Jul 24, 2024
Risk change from: 7.5 to: 10 - (CRITICAL)
Jul 24, 2024
Vulnerability started trending.
Jan 14, 2024
Vulnerability published.
Jan 12, 2024
Vulnerability Reserved.
Dec 20, 2023
First article discovered by Help Net Security
Dec 6, 2023
🔥
Vulnerability reached the number 1 worldwide trending spot.
Jan 1, 1970

Collectors

NVD DatabaseMitre DatabaseCISA Database7 Proof of Concept(s)24 News Article(s)

Credit

Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program