Vulnerability Details: CVE-2023-7028
Public exploit exists!
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Products affected by CVE-2023-7028
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
CVE-2023-7028 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: GitLab Community and Enterprise Editions Improper Access Control Vulnerability
CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description: GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
Notes: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-7028
Added on: 2024-05-01
Action due date: 2024-05-22
Exploit prediction scoring system (EPSS) score for CVE-2023-7028
EPSS score: 93.36% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities scored at or below this one)
Metasploit modules for CVE-2023-7028
- GitLab Password Reset Account Takeover (auxiliary/admin/http/gitlab_password_reset_account_takeover)
  Disclosure Date: 2024-01-11. First seen: 2024-03-08.
  This module exploits an account-takeover vulnerability that allows users to take control of a GitLab account without user interaction. The vulnerability lies in the password reset functionality. It's possible to provide 2 emails and the reset code will be sent to both. It is
CVSS scores for CVE-2023-7028
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N | 3.9 | 5.8 | GitLab Inc. | 2024-01-12 |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-09-03 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | 2024-01-18 |
CWE ids for CVE-2023-7028
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: cve@gitlab.com (Secondary)
- The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. Assigned by: cve@gitlab.com (Secondary), nvd@nist.gov (Primary)
References for CVE-2023-7028
- https://gitlab.com/gitlab-org/gitlab/-/issues/436084 (Exploit; Issue Tracking; Vendor Advisory)
- https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028 (Exploit; Third Party Advisory)
- https://hackerone.com/reports/2293343 (Permissions Required)
- https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 (Vendor Advisory)