Email Password Reset Vulnerability Affects GitLab Versions

CVE-2023-7028

9.8 CRITICAL

Key Information

Vendor: GitLab
Status: GitLab Vendor
CVE Published: 12 January 2024

Badges

No. 1 Trending · Trended · Exploit Exists · Public PoC · EPSS 91% · News Worthy

What is CVE-2023-7028?

CVE-2023-7028 is a vulnerability in GitLab, a widely used platform for software development and version control. It affects multiple versions of GitLab Community Edition and Enterprise Edition, which organizations use to manage code repositories and coordinate work among developers. The vulnerability allows a user account's password reset email to be sent to an unverified email address, which can enable unauthorized access to that account. Such access could seriously damage an organization's security posture, leading to data breaches or compromise of sensitive projects.

Technical Details

The vulnerability affects GitLab versions 16.1 through 16.7, specifically releases prior to 16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4, and 16.7.2. It arises because the password reset flow does not properly validate the email addresses it is given. As a result, an attacker can manipulate the reset request so that the reset email is delivered to an address of their choosing, regardless of whether that address is verified for the account. Because the reset link then lands in a mailbox the attacker reads, the flaw can allow user accounts to be hijacked.
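As an added defender-side example (not code from this advisory page or from GitLab), the following Python check decides whether a self-hosted GitLab version string falls inside one of the affected ranges listed above and names the first fixed release on its branch. The fixed-release list is taken from this section; the version parsing and comparison logic, and the treatment of edition suffixes such as "-ee", are this example's own assumptions.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release of each affected minor branch, as listed on this page.
# Anything on these branches below the fixed release is affected.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (16, 1): (16, 1, 6),
    (16, 2): (16, 2, 9),
    (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5),
    (16, 5): (16, 5, 6),
    (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}

# Accepts "16.5.3", "v16.5.3", "16.5" and edition suffixes such as
# "16.5.3-ee" (assumption: the suffix never changes the patch ordering).
_VERSION_RE = re.compile(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+][\w.]*)?\s*")


def parse_version(text: str) -> Version:
    """Parse a GitLab version string into a comparable (major, minor, patch)."""
    m = _VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(text: str) -> bool:
    """True if the version is on an affected branch and below its fix."""
    version = parse_version(text)
    fixed = FIXED_RELEASES.get(version[:2])
    # Branches not named on this page (e.g. 16.8 and later) are treated as unaffected.
    return fixed is not None and version < fixed


def upgrade_target(text: str) -> Optional[str]:
    """Smallest fixed release on the same branch, or None if already safe."""
    if not is_vulnerable(text):
        return None
    return ".".join(str(n) for n in FIXED_RELEASES[parse_version(text)[:2]])


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for v in ("16.5.3", "16.7.2", "v16.1-ee", "16.8.0"):
        state = "affected" if is_vulnerable(v) else "not affected"
        print(v, state, upgrade_target(v))
```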

Impact of the Vulnerability

  1. Unauthorized Account Access: Attackers can exploit the vulnerability to gain unauthorized access to user accounts, posing a significant risk to sensitive information and project integrity.

  2. Data Breach Potential: Once an account is compromised, attackers could access confidential data, intellectual property, and sensitive project details, leading to potential data breaches that could have legal and reputational repercussions for the organization.

  3. Increased Risk of Further Exploitation: With access to compromised accounts, attackers may initiate further attacks, including deployment of malware, unauthorized changes to code repositories, or lateral movement within the organization's systems, thereby amplifying the overall security threat.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-7028 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

GitLab 16.1 < 16.1.6
GitLab 16.2 < 16.2.9
GitLab 16.3 < 16.3.7
GitLab 16.4 < 16.4.5
GitLab 16.5 < 16.5.6
GitLab 16.6 < 16.6.4
GitLab 16.7 < 16.7.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

GitLab: Critical bug lets attackers run pipelines as other users

GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.

5 months ago

CISA: Immediate GitLab account takeover flaw remediation crucial amid attacks

Ongoing intrusions targeting GitLab instances impacted by the maximum severity account takeover vulnerability, tracked as CVE-2023-7028, have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged t...

6 months ago

High-severity GitLab flaw lets attackers take over accounts

GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.

7 months ago

References

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS v3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Public PoC available
  • CISA Reported
  • Exploit known to exist
  • Vulnerability started trending
  • Vulnerability published
  • Vulnerability Reserved
  • First article discovered by Help Net Security
  • Vulnerability reached the number 1 worldwide trending spot

Collectors

NVD Database · Mitre Database · CISA Database · 7 Proof of Concept(s) · 24 News Article(s)

Credit

Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program.