An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Published: 2024-01-12 14:15:49
Updated: 2024-12-20 19:05:20
Source: GitLab Inc.

Products affected by CVE-2023-7028

  • Gitlab » Gitlab » Community Edition, versions >= 16.1.0 and < 16.1.6 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*)
  • Gitlab » Gitlab » Enterprise Edition, versions >= 16.1.0 and < 16.1.6 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*)
  • Gitlab » Gitlab » Community Edition, versions >= 16.2.0 and < 16.2.9 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*)
  • Gitlab » Gitlab » Enterprise Edition, versions >= 16.2.0 and < 16.2.9 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*)
  • Gitlab » Gitlab » Community Edition, versions >= 16.3.0 and < 16.3.7 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*)
  • Gitlab » Gitlab » Enterprise Edition, versions >= 16.3.0 and < 16.3.7 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*)
  • Gitlab » Gitlab » Community Edition, versions >= 16.4.0 and < 16.4.5 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*)
  • Gitlab » Gitlab » Enterprise Edition, versions >= 16.4.0 and < 16.4.5 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*)
  • Gitlab » Gitlab » Community Edition, versions >= 16.5.0 and < 16.5.6 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*)
  • Gitlab » Gitlab » Enterprise Edition, versions >= 16.5.0 and < 16.5.6 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*)
  • Gitlab » Gitlab » Community Edition, versions >= 16.6.0 and < 16.6.4 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*)
  • Gitlab » Gitlab » Enterprise Edition, versions >= 16.6.0 and < 16.6.4 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*)
  • Gitlab » Gitlab » Community Edition, versions >= 16.7.0 and < 16.7.2 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*)
  • Gitlab » Gitlab » Enterprise Edition, versions >= 16.7.0 and < 16.7.2 (cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*)

CVE-2023-7028 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
Notes:
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-7028
Added on: 2024-05-01
Action due date: 2024-05-22

Exploit prediction scoring system (EPSS) score for CVE-2023-7028

EPSS score: 93.36% (probability of exploitation activity in the next 30 days)
Percentile: ~99% (the proportion of vulnerabilities scored at or below this value)

Metasploit modules for CVE-2023-7028

  • GitLab Password Reset Account Takeover
    Disclosure Date: 2024-01-11
    First seen: 2024-03-08
    auxiliary/admin/http/gitlab_password_reset_account_takeover
    This module exploits an account-takeover vulnerability that allows users to take control of a GitLab account without user interaction. The vulnerability lies in the password reset functionality. It's possible to provide 2 emails and the reset code will be sent to both. It is

CVSS scores for CVE-2023-7028

| Base Score | Base Severity | CVSS Vector                                  | Exploitability Score | Impact Score | Score Source | First Seen |
|------------|---------------|----------------------------------------------|----------------------|--------------|--------------|------------|
| 10.0       | CRITICAL      | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N | 3.9                  | 5.8          | GitLab Inc.  | 2024-01-12 |
| 9.8        | CRITICAL      | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9                  | 5.9          | NIST         | 2024-09-03 |
| 7.5        | HIGH          | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9                  | 3.6          | NIST         | 2024-01-18 |
