CVE-2023-7028

Flags: Warning, Exploit

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Data is provided by the National Vulnerability Database (NVD)

Affected products (NVD CPE data):

Vendor  Product  Edition     Version range
GitLab  GitLab   community   >= 16.1.0 < 16.1.6
GitLab  GitLab   enterprise  >= 16.1.0 < 16.1.6
GitLab  GitLab   community   >= 16.2.0 < 16.2.9
GitLab  GitLab   enterprise  >= 16.2.0 < 16.2.9
GitLab  GitLab   community   >= 16.3.0 < 16.3.7
GitLab  GitLab   enterprise  >= 16.3.0 < 16.3.7
GitLab  GitLab   community   >= 16.4.0 < 16.4.5
GitLab  GitLab   enterprise  >= 16.4.0 < 16.4.5
GitLab  GitLab   community   >= 16.5.0 < 16.5.6
GitLab  GitLab   enterprise  >= 16.5.0 < 16.5.6
GitLab  GitLab   community   >= 16.6.0 < 16.6.4
GitLab  GitLab   enterprise  >= 16.6.0 < 16.6.4
GitLab  GitLab   community   >= 16.7.0 < 16.7.2
GitLab  GitLab   enterprise  >= 16.7.0 < 16.7.2

01.05.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: GitLab Community and Enterprise Editions Improper Access Control Vulnerability

Description: GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Required actions: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Metrics

Type  Source     Score  Percentile
EPSS  FIRST.org  93.6%  0.998

CVSS Metrics

Source          Base Score  Exploit Score  Impact Score  Vector string
nvd@nist.gov    9.8         3.9            5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@gitlab.com  10          3.9            5.8           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.