
CVE-2023-7028

Warning
Exploit

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Data provided by the National Vulnerability Database (NVD)

Vendor  Product  Edition     Version
GitLab  GitLab   community   >= 16.1.0 < 16.1.6
GitLab  GitLab   enterprise  >= 16.1.0 < 16.1.6
GitLab  GitLab   community   >= 16.2.0 < 16.2.9
GitLab  GitLab   enterprise  >= 16.2.0 < 16.2.9
GitLab  GitLab   community   >= 16.3.0 < 16.3.7
GitLab  GitLab   enterprise  >= 16.3.0 < 16.3.7
GitLab  GitLab   community   >= 16.4.0 < 16.4.5
GitLab  GitLab   enterprise  >= 16.4.0 < 16.4.5
GitLab  GitLab   community   >= 16.5.0 < 16.5.6
GitLab  GitLab   enterprise  >= 16.5.0 < 16.5.6
GitLab  GitLab   community   >= 16.6.0 < 16.6.4
GitLab  GitLab   enterprise  >= 16.6.0 < 16.6.4
GitLab  GitLab   community   >= 16.7.0 < 16.7.2
GitLab  GitLab   enterprise  >= 16.7.0 < 16.7.2

01.05.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: GitLab Community and Enterprise Editions Improper Access Control Vulnerability

Description: GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  93.6%  0.998

CVSS Metrics
Source          Base Score  Exploit Score  Impact Score  Vector String
nvd@nist.gov    9.8         3.9            5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@gitlab.com  10          3.9            5.8           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.