Vulnerability-Lookup

CVE-2023-7028 (GCVE-0-2023-7028)

Vulnerability from cvelistv5 – Published: 2024-01-12 13:56 – Updated: 2025-10-21 23:05

CISA KEV

Title

Weak Password Recovery Mechanism for Forgotten Password in GitLab

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

Assigner

GitLab

References

URL

Tags

	https://gitlab.com/gitlab-org/gitlab/-/issues/436084	issue-tracking
	https://hackerone.com/reports/2293343	technical-descriptionexploit

Impacted products

	Vendor	Product	Version
	GitLab	GitLab	Affected: 16.1 , < 16.1.6 (semver) Affected: 16.2 , < 16.2.9 (semver) Affected: 16.3 , < 16.3.7 (semver) Affected: 16.4 , < 16.4.5 (semver) Affected: 16.5 , < 16.5.6 (semver) Affected: 16.6 , < 16.6.4 (semver) Affected: 16.7 , < 16.7.2 (semver) cpe:2.3:a:gitlab:gitlab::::::::

Credits

Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 13e7215f-45db-4b2e-983d-9741a50e8a25

Vulnerability ID: CVE-2023-7028

Status: Confirmed

Status Updated: 2024-05-01 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2024-05-01

Asserted: 2024-05-01

Scope

Notes: KEV entry: GitLab Community and Enterprise Editions Improper Access Control Vulnerability | Affected: GitLab / GitLab CE/EE | Description: GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-05-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-7028

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-284
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	GitLab CE/EE
Due Date	2024-05-22
Date Added	2024-05-01
Vendorproject	GitLab
Vulnerabilityname	GitLab Community and Enterprise Editions Improper Access Control Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2023-7028

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7028",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T17:50:56.921719Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-05-01",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:28.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-05-01T00:00:00+00:00",
            "value": "CVE-2023-7028 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:48:03.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GitLab Issue #436084",
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
          },
          {
            "name": "HackerOne Bug Bounty Report #2293343",
            "tags": [
              "technical-description",
              "exploit",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2293343"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "16.1.6",
              "status": "affected",
              "version": "16.1",
              "versionType": "semver"
            },
            {
              "lessThan": "16.2.9",
              "status": "affected",
              "version": "16.2",
              "versionType": "semver"
            },
            {
              "lessThan": "16.3.7",
              "status": "affected",
              "version": "16.3",
              "versionType": "semver"
            },
            {
              "lessThan": "16.4.5",
              "status": "affected",
              "version": "16.4",
              "versionType": "semver"
            },
            {
              "lessThan": "16.5.6",
              "status": "affected",
              "version": "16.5",
              "versionType": "semver"
            },
            {
              "lessThan": "16.6.4",
              "status": "affected",
              "version": "16.6",
              "versionType": "semver"
            },
            {
              "lessThan": "16.7.2",
              "status": "affected",
              "version": "16.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-23T04:04:38.692Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #436084",
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
        },
        {
          "name": "HackerOne Bug Bounty Report #2293343",
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://hackerone.com/reports/2293343"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6, 16.4.5, 16.3.7, 16.2.9, 16.1.6 or above."
        }
      ],
      "title": "Weak Password Recovery Mechanism for Forgotten Password in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-7028",
    "datePublished": "2024-01-12T13:56:41.726Z",
    "dateReserved": "2023-12-20T20:30:37.127Z",
    "dateUpdated": "2025-10-21T23:05:28.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-7028",
      "cwes": "[\"CWE-284\"]",
      "dateAdded": "2024-05-01",
      "dueDate": "2024-05-22",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ;  https://nvd.nist.gov/vuln/detail/CVE-2023-7028",
      "product": "GitLab CE/EE",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.",
      "vendorProject": "GitLab",
      "vulnerabilityName": "GitLab Community and Enterprise Editions Improper Access Control Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2024-05-22",
      "cisaExploitAdd": "2024-05-01",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "GitLab Community and Enterprise Editions Improper Access Control Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndExcluding\": \"16.1.6\", \"matchCriteriaId\": \"4D1D5473-F384-420D-BD91-F2466F2CA278\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndExcluding\": \"16.1.6\", \"matchCriteriaId\": \"6BEF9E84-75C1-41C0-BE14-7F550E2BE932\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"16.2.0\", \"versionEndExcluding\": \"16.2.9\", \"matchCriteriaId\": \"1D29FF9D-9113-44A9-99C2-074B1B217B7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"16.2.0\", \"versionEndExcluding\": \"16.2.9\", \"matchCriteriaId\": \"AEA35F1C-5E02-407B-ADC6-4FDEFF885E59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"16.3.0\", \"versionEndExcluding\": \"16.3.7\", \"matchCriteriaId\": \"B3F039EF-84DD-41B6-AB5D-BF3F44A488C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"16.3.0\", \"versionEndExcluding\": \"16.3.7\", \"matchCriteriaId\": \"02C5947D-659A-4AE9-B2C8-08287AC03BF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"16.4.0\", \"versionEndExcluding\": \"16.4.5\", \"matchCriteriaId\": \"C89EFE63-81D9-4964-BE91-BF31AA40C165\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"16.4.0\", \"versionEndExcluding\": \"16.4.5\", \"matchCriteriaId\": \"4B4C9455-DBA2-480B-8C59-898BC9DB8795\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"16.5.0\", \"versionEndExcluding\": \"16.5.6\", \"matchCriteriaId\": \"A1A5DDAD-5B04-4643-8ACD-15D7C6CD76C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"16.5.0\", \"versionEndExcluding\": \"16.5.6\", \"matchCriteriaId\": \"24A21A70-46F1-4B28-BECB-4266AABBBD57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"16.6.0\", \"versionEndExcluding\": \"16.6.4\", \"matchCriteriaId\": \"7198B7E4-9928-4B7D-9D00-6B76CCAC3875\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"16.6.0\", \"versionEndExcluding\": \"16.6.4\", \"matchCriteriaId\": \"D294EA47-B2EF-42D6-A92B-93CEA5D209B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"16.7.0\", \"versionEndExcluding\": \"16.7.2\", \"matchCriteriaId\": \"E66EC8A8-E889-450A-86B4-7D930788FF58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"16.7.0\", \"versionEndExcluding\": \"16.7.2\", \"matchCriteriaId\": \"DDBB44E5-7ED3-4C9B-9241-2E6DB79A3E27\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anterior a 16.1.6, 16.2 anterior a 16.2.9, 16.3 anterior a 16.3.7, 16.4 anterior a 16.4.5, 16.5 anterior a 16.5.6, 16.6 antes de 16.6.4 y 16.7 antes de 16.7.2 en los que los correos electr\\u00f3nicos de restablecimiento de contrase\\u00f1a de cuenta de usuario pod\\u00edan enviarse a una direcci\\u00f3n de correo electr\\u00f3nico no verificada.\"}]",
      "id": "CVE-2023-7028",
      "lastModified": "2024-12-20T19:05:19.913",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve@gitlab.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-01-12T14:15:49.420",
      "references": "[{\"url\": \"https://gitlab.com/gitlab-org/gitlab/-/issues/436084\", \"source\": \"cve@gitlab.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/2293343\", \"source\": \"cve@gitlab.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://gitlab.com/gitlab-org/gitlab/-/issues/436084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/2293343\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@gitlab.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"cve@gitlab.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-640\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-640\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-7028\",\"sourceIdentifier\":\"cve@gitlab.com\",\"published\":\"2024-01-12T14:15:49.420\",\"lastModified\":\"2025-10-24T14:46:31.820\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anterior a 16.1.6, 16.2 anterior a 16.2.9, 16.3 anterior a 16.3.7, 16.4 anterior a 16.4.5, 16.5 anterior a 16.5.6, 16.6 antes de 16.6.4 y 16.7 antes de 16.7.2 en los que los correos electr\u00f3nicos de restablecimiento de contrase\u00f1a de cuenta de usuario pod\u00edan enviarse a una direcci\u00f3n de correo electr\u00f3nico no verificada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2024-05-01\",\"cisaActionDue\":\"2024-05-22\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"GitLab Community and Enterprise Editions Improper Access Control Vulnerability\",\"weaknesses\":[{\"source\":\"cve@gitlab.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-640\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-640\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.6\",\"matchCriteriaId\":\"4D1D5473-F384-420D-BD91-F2466F2CA278\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.6\",\"matchCriteriaId\":\"6BEF9E84-75C1-41C0-BE14-7F550E2BE932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.2.0\",\"versionEndExcluding\":\"16.2.9\",\"matchCriteriaId\":\"1D29FF9D-9113-44A9-99C2-074B1B217B7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.2.0\",\"versionEndExcluding\":\"16.2.9\",\"matchCriteriaId\":\"AEA35F1C-5E02-407B-ADC6-4FDEFF885E59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.3.0\",\"versionEndExcluding\":\"16.3.7\",\"matchCriteriaId\":\"B3F039EF-84DD-41B6-AB5D-BF3F44A488C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.3.0\",\"versionEndExcluding\":\"16.3.7\",\"matchCriteriaId\":\"02C5947D-659A-4AE9-B2C8-08287AC03BF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.4.0\",\"versionEndExcluding\":\"16.4.5\",\"matchCriteriaId\":\"C89EFE63-81D9-4964-BE91-BF31AA40C165\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.4.0\",\"versionEndExcluding\":\"16.4.5\",\"matchCriteriaId\":\"4B4C9455-DBA2-480B-8C59-898BC9DB8795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.5.0\",\"versionEndExcluding\":\"16.5.6\",\"matchCriteriaId\":\"A1A5DDAD-5B04-4643-8ACD-15D7C6CD76C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.5.0\",\"versionEndExcluding\":\"16.5.6\",\"matchCriteriaId\":\"24A21A70-46F1-4B28-BECB-4266AABBBD57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.6.0\",\"versionEndExcluding\":\"16.6.4\",\"matchCriteriaId\":\"7198B7E4-9928-4B7D-9D00-6B76CCAC3875\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.6.0\",\"versionEndExcluding\":\"16.6.4\",\"matchCriteriaId\":\"D294EA47-B2EF-42D6-A92B-93CEA5D209B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"16.7.0\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"E66EC8A8-E889-450A-86B4-7D930788FF58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"16.7.0\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"DDBB44E5-7ED3-4C9B-9241-2E6DB79A3E27\"}]}]}],\"references\":[{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/436084\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2293343\",\"source\":\"cve@gitlab.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab/-/issues/436084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2293343\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Weak Password Recovery Mechanism for Forgotten Password in GitLab\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\"}], \"affected\": [{\"vendor\": \"GitLab\", \"product\": \"GitLab\", \"repo\": \"git://git@gitlab.com:gitlab-org/gitlab.git\", \"cpes\": [\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\"], \"versions\": [{\"version\": \"16.1\", \"status\": \"affected\", \"lessThan\": \"16.1.6\", \"versionType\": \"semver\"}, {\"version\": \"16.2\", \"status\": \"affected\", \"lessThan\": \"16.2.9\", \"versionType\": \"semver\"}, {\"version\": \"16.3\", \"status\": \"affected\", \"lessThan\": \"16.3.7\", \"versionType\": \"semver\"}, {\"version\": \"16.4\", \"status\": \"affected\", \"lessThan\": \"16.4.5\", \"versionType\": \"semver\"}, {\"version\": \"16.5\", \"status\": \"affected\", \"lessThan\": \"16.5.6\", \"versionType\": \"semver\"}, {\"version\": \"16.6\", \"status\": \"affected\", \"lessThan\": \"16.6.4\", \"versionType\": \"semver\"}, {\"version\": \"16.7\", \"status\": \"affected\", \"lessThan\": \"16.7.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-640: Weak Password Recovery Mechanism for Forgotten Password\", \"cweId\": \"CWE-640\", \"type\": \"CWE\"}]}], \"references\": [{\"url\": \"https://gitlab.com/gitlab-org/gitlab/-/issues/436084\", \"name\": \"GitLab Issue #436084\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://hackerone.com/reports/2293343\", \"name\": \"HackerOne Bug Bounty Report #2293343\", \"tags\": [\"technical-description\", \"exploit\"]}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\"}}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to versions 16.7.2, 16.6.4, 16.5.6, 16.4.5, 16.3.7, 16.2.9, 16.1.6 or above.\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program\", \"type\": \"finder\"}], \"providerMetadata\": {\"orgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"shortName\": \"GitLab\", \"dateUpdated\": \"2025-05-23T04:04:38.692Z\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-19T07:48:03.820Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://gitlab.com/gitlab-org/gitlab/-/issues/436084\", \"name\": \"GitLab Issue #436084\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://hackerone.com/reports/2293343\", \"name\": \"HackerOne Bug Bounty Report #2293343\", \"tags\": [\"technical-description\", \"exploit\", \"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028\"}]}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-7028\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-02T17:50:56.921719Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-05-01\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-02T17:54:23.792Z\"}, \"timeline\": [{\"time\": \"2024-05-01T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2023-7028 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-7028\", \"assignerOrgId\": \"ceab7361-8a18-47b1-92ba-4d7d25f6715a\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitLab\", \"dateReserved\": \"2023-12-20T20:30:37.127Z\", \"datePublished\": \"2024-01-12T13:56:41.726Z\", \"dateUpdated\": \"2025-10-21T19:45:17.581Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-7028

Vulnerability from gsd - Updated: 2023-12-21 06:01

Details

Aliases

CVE-2023-7028

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-7028"
      ],
      "details": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.",
      "id": "GSD-2023-7028",
      "modified": "2023-12-21T06:01:24.591792Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@gitlab.com",
        "ID": "CVE-2023-7028",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GitLab",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.1",
                          "version_value": "16.1.6"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.2",
                          "version_value": "16.2.9"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.3",
                          "version_value": "16.3.7"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.4",
                          "version_value": "16.4.5"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.5",
                          "version_value": "16.5.6"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.6",
                          "version_value": "16.6.4"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.7",
                          "version_value": "16.7.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "GitLab"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-284",
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084",
            "refsource": "MISC",
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
          },
          {
            "name": "https://hackerone.com/reports/2293343",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/2293343"
          },
          {
            "name": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/",
            "refsource": "MISC",
            "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6, 16.4.5, 16.3.7, 16.2.9, 16.1.6 or above."
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
                    "matchCriteriaId": "4D1D5473-F384-420D-BD91-F2466F2CA278",
                    "versionEndExcluding": "16.1.6",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "6BEF9E84-75C1-41C0-BE14-7F550E2BE932",
                    "versionEndExcluding": "16.1.6",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
                    "matchCriteriaId": "1D29FF9D-9113-44A9-99C2-074B1B217B7C",
                    "versionEndExcluding": "16.2.9",
                    "versionStartIncluding": "16.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "AEA35F1C-5E02-407B-ADC6-4FDEFF885E59",
                    "versionEndExcluding": "16.2.9",
                    "versionStartIncluding": "16.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
                    "matchCriteriaId": "B3F039EF-84DD-41B6-AB5D-BF3F44A488C2",
                    "versionEndExcluding": "16.3.7",
                    "versionStartIncluding": "16.3.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "02C5947D-659A-4AE9-B2C8-08287AC03BF2",
                    "versionEndExcluding": "16.3.7",
                    "versionStartIncluding": "16.3.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
                    "matchCriteriaId": "C89EFE63-81D9-4964-BE91-BF31AA40C165",
                    "versionEndExcluding": "16.4.5",
                    "versionStartIncluding": "16.4.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "4B4C9455-DBA2-480B-8C59-898BC9DB8795",
                    "versionEndExcluding": "16.4.5",
                    "versionStartIncluding": "16.4.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
                    "matchCriteriaId": "A1A5DDAD-5B04-4643-8ACD-15D7C6CD76C2",
                    "versionEndExcluding": "16.5.6",
                    "versionStartIncluding": "16.5.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "24A21A70-46F1-4B28-BECB-4266AABBBD57",
                    "versionEndExcluding": "16.5.6",
                    "versionStartIncluding": "16.5.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
                    "matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875",
                    "versionEndExcluding": "16.6.4",
                    "versionStartIncluding": "16.6.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7",
                    "versionEndExcluding": "16.6.4",
                    "versionStartIncluding": "16.6.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
                    "matchCriteriaId": "E66EC8A8-E889-450A-86B4-7D930788FF58",
                    "versionEndExcluding": "16.7.2",
                    "versionStartIncluding": "16.7.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "DDBB44E5-7ED3-4C9B-9241-2E6DB79A3E27",
                    "versionEndExcluding": "16.7.2",
                    "versionStartIncluding": "16.7.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."
          },
          {
            "lang": "es",
            "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anterior a 16.1.6, 16.2 anterior a 16.2.9, 16.3 anterior a 16.3.7, 16.4 anterior a 16.4.5, 16.5 anterior a 16.5.6, 16.6 antes de 16.6.4 y 16.7 antes de 16.7.2 en los que los correos electr\u00f3nicos de restablecimiento de contrase\u00f1a de cuenta de usuario pod\u00edan enviarse a una direcci\u00f3n de correo electr\u00f3nico no verificada."
          }
        ],
        "id": "CVE-2023-7028",
        "lastModified": "2024-03-04T22:54:45.797",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.8,
              "source": "cve@gitlab.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-12T14:15:49.420",
        "references": [
          {
            "source": "cve@gitlab.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
          },
          {
            "source": "cve@gitlab.com",
            "tags": [
              "Broken Link"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
          },
          {
            "source": "cve@gitlab.com",
            "tags": [
              "Permissions Required"
            ],
            "url": "https://hackerone.com/reports/2293343"
          }
        ],
        "sourceIdentifier": "cve@gitlab.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-640"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-284"
              }
            ],
            "source": "cve@gitlab.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

bit-gitlab-2023-7028

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:53

Modified

2025-10-22 09:08

Summary

Weak Password Recovery Mechanism for Forgotten Password in GitLab

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "gitlab",
        "purl": "pkg:bitnami/gitlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "16.1.0"
            },
            {
              "fixed": "16.1.6"
            },
            {
              "introduced": "16.2.0"
            },
            {
              "fixed": "16.2.9"
            },
            {
              "introduced": "16.3.0"
            },
            {
              "fixed": "16.3.7"
            },
            {
              "introduced": "16.4.0"
            },
            {
              "fixed": "16.4.5"
            },
            {
              "introduced": "16.5.0"
            },
            {
              "fixed": "16.5.6"
            },
            {
              "introduced": "16.6.0"
            },
            {
              "fixed": "16.6.4"
            },
            {
              "introduced": "16.7.0"
            },
            {
              "fixed": "16.7.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-7028"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.",
  "id": "BIT-gitlab-2023-7028",
  "modified": "2025-10-22T09:08:25.162Z",
  "published": "2024-03-06T10:53:45.400Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2293343"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7028"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Weak Password Recovery Mechanism for Forgotten Password in GitLab"
}

CERTFR-2024-AVI-0030

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans GitLab. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x antérieures à 16.2.9
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x antérieures à 16.1.6
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x antérieures à 16.4.5
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x antérieures à 16.6.4
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x antérieures à 16.3.7
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x antérieures à 16.7.2
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x antérieures à 16.5.6

References

Title

Publication Time

Tags

Bulletin de sécurité GitLab du 11 janvier 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x ant\u00e9rieures \u00e0 16.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-5356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5356"
    },
    {
      "name": "CVE-2023-6955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6955"
    },
    {
      "name": "CVE-2023-2030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2030"
    },
    {
      "name": "CVE-2023-7028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7028"
    },
    {
      "name": "CVE-2023-4812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4812"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0030",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab du 11 janvier 2024",
      "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
    }
  ]
}

CERTFR-2024-AVI-0030

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x antérieures à 16.2.9
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x antérieures à 16.1.6
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x antérieures à 16.4.5
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x antérieures à 16.6.4
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x antérieures à 16.3.7
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x antérieures à 16.7.2
GitLab	N/A	Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x antérieures à 16.5.6

References

Title

Publication Time

Tags

Bulletin de sécurité GitLab du 11 janvier 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x ant\u00e9rieures \u00e0 16.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-5356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5356"
    },
    {
      "name": "CVE-2023-6955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6955"
    },
    {
      "name": "CVE-2023-2030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2030"
    },
    {
      "name": "CVE-2023-7028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7028"
    },
    {
      "name": "CVE-2023-4812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4812"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0030",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab du 11 janvier 2024",
      "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
    }
  ]
}

FKIE_CVE-2023-7028

Vulnerability from fkie_nvd - Published: 2024-01-12 14:15 - Updated: 2025-10-24 14:46

CISA KEV

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@gitlab.com	https://gitlab.com/gitlab-org/gitlab/-/issues/436084	Exploit, Issue Tracking, Vendor Advisory
cve@gitlab.com	https://hackerone.com/reports/2293343	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.com/gitlab-org/gitlab/-/issues/436084	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://hackerone.com/reports/2293343	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028	US Government Resource

Impacted products

Vendor	Product	Version
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*

JSON

To clipboard

{
  "cisaActionDue": "2024-05-22",
  "cisaExploitAdd": "2024-05-01",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "GitLab Community and Enterprise Editions Improper Access Control Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "4D1D5473-F384-420D-BD91-F2466F2CA278",
              "versionEndExcluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "6BEF9E84-75C1-41C0-BE14-7F550E2BE932",
              "versionEndExcluding": "16.1.6",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "1D29FF9D-9113-44A9-99C2-074B1B217B7C",
              "versionEndExcluding": "16.2.9",
              "versionStartIncluding": "16.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "AEA35F1C-5E02-407B-ADC6-4FDEFF885E59",
              "versionEndExcluding": "16.2.9",
              "versionStartIncluding": "16.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "B3F039EF-84DD-41B6-AB5D-BF3F44A488C2",
              "versionEndExcluding": "16.3.7",
              "versionStartIncluding": "16.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "02C5947D-659A-4AE9-B2C8-08287AC03BF2",
              "versionEndExcluding": "16.3.7",
              "versionStartIncluding": "16.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "C89EFE63-81D9-4964-BE91-BF31AA40C165",
              "versionEndExcluding": "16.4.5",
              "versionStartIncluding": "16.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "4B4C9455-DBA2-480B-8C59-898BC9DB8795",
              "versionEndExcluding": "16.4.5",
              "versionStartIncluding": "16.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "A1A5DDAD-5B04-4643-8ACD-15D7C6CD76C2",
              "versionEndExcluding": "16.5.6",
              "versionStartIncluding": "16.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "24A21A70-46F1-4B28-BECB-4266AABBBD57",
              "versionEndExcluding": "16.5.6",
              "versionStartIncluding": "16.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "7198B7E4-9928-4B7D-9D00-6B76CCAC3875",
              "versionEndExcluding": "16.6.4",
              "versionStartIncluding": "16.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "D294EA47-B2EF-42D6-A92B-93CEA5D209B7",
              "versionEndExcluding": "16.6.4",
              "versionStartIncluding": "16.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "E66EC8A8-E889-450A-86B4-7D930788FF58",
              "versionEndExcluding": "16.7.2",
              "versionStartIncluding": "16.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DDBB44E5-7ED3-4C9B-9241-2E6DB79A3E27",
              "versionEndExcluding": "16.7.2",
              "versionStartIncluding": "16.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 16.1 anterior a 16.1.6, 16.2 anterior a 16.2.9, 16.3 anterior a 16.3.7, 16.4 anterior a 16.4.5, 16.5 anterior a 16.5.6, 16.6 antes de 16.6.4 y 16.7 antes de 16.7.2 en los que los correos electr\u00f3nicos de restablecimiento de contrase\u00f1a de cuenta de usuario pod\u00edan enviarse a una direcci\u00f3n de correo electr\u00f3nico no verificada."
    }
  ],
  "id": "CVE-2023-7028",
  "lastModified": "2025-10-24T14:46:31.820",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.8,
        "source": "cve@gitlab.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-12T14:15:49.420",
  "references": [
    {
      "source": "cve@gitlab.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
    },
    {
      "source": "cve@gitlab.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://hackerone.com/reports/2293343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://hackerone.com/reports/2293343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"
    }
  ],
  "sourceIdentifier": "cve@gitlab.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "cve@gitlab.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2024-ALE-002

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 29 janvier 2024]

Le 25 janvier 2024, l'éditeur a publié un avis de sécurité concernant plusieurs vulnérabilités affectant GitLab CE et EE.

La vulnérabilité CVE-2024-0402 est considérée critique avec un score CVSSv3 de 9,9. Elle permet à un attaquant authentifié d'écrire des fichiers à un emplacement arbitraire.

[Publication initiale]

Le 11 janvier 2024, l'éditeur a publié un avis de sécurité concernant plusieurs vulnérabilités affectant GitLab CE et EE.

La plus critique est la vulnérabilité CVE-2023-7028. Elle permet à un attaquant non authentifié d'envoyer un courriel de réinitialisation de mot de passe de n'importe quel utilisateur à une adresse arbitraire. L'attaquant peut ainsi, par le biais d'une simple requête HTTP POST, prendre le contrôle d'un compte dont il connaitrait le courriel.

Le score CVSSv3 de la vulnérabilité CVE-2023-7028 est de 10 (sur 10). Son exploitation est triviale et le CERT-FR anticipe la publication de codes d'exploitations publics dans les heures à venir.

L'éditeur recommande de vérifier:

dans le journal d'activité "gitlab-rails/production_json.log", la présence de requêtes HTTP, sur le chemin "/users/password", contenant plusieurs adresses courriel;
dans le journal d'activité "gitlab-rails/audit_json.log", la présence d'identifiants correspondant à "PasswordsController#create" avec des "target_details" composé d'un tableau comprenant plusieurs adresses courriel.

Le CERT-FR recommande donc d'appliquer les correctifs dans les plus brefs délais et d'activer l'authentification à multiples facteurs, notamment sur les comptes à hauts privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

[Mise à jour du 29 janvier 2024]

Les versions des systèmes affectés ont été mises à jour à la suite du nouveau bulletin de sécurité du 25 janvier 2024. Les versions 16.5.6, 16.6.4 et 16.7.2 initialement recommandées ne doivent plus être utilisées.

Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x antérieures à 16.1.6
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x antérieures à 16.2.9
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x antérieures à 16.3.7
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x antérieures à 16.4.5
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x antérieures à 16.5.8
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x antérieures à 16.6.6
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x antérieures à 16.7.4
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.8.x antérieures à 16.8.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité GitLab du 11 janvier 2024	None	vendor-advisory
Bulletin de sécurité GitLab du 25 janvier 2024	None	vendor-advisory
Avis CERT-FR CERTFR-2024-AVI-0030 du 12 janvier 2024	-	other
Avis CERT-FR CERTFR-2024-AVI-0069 du 26 janvier 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003e\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e[Mise \u00e0 jour du 29 janvier 2024] \u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e \u003cp\u003e\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003eLes versions des syst\u00e8mes affect\u00e9s ont \u00e9t\u00e9 mises \u00e0 jour \u00e0 la suite du nouveau bulletin de s\u00e9curit\u00e9 du 25 janvier 2024. Les versions 16.5.6, 16.6.4 et 16.7.2 initialement recommand\u00e9es ne doivent plus \u00eatre utilis\u00e9es.\u003cbr /\u003e \u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e \u003cul\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.9\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.7\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.5\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.8\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.6\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x ant\u00e9rieures \u00e0 16.7.4\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.8.x ant\u00e9rieures \u00e0 16.8.1\u003c/li\u003e \u003c/ul\u003e ",
  "closed_at": "2024-02-22",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0402"
    },
    {
      "name": "CVE-2023-7028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7028"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2024-AVI-0030 du 12 janvier 2024",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0030/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2024-AVI-0069 du 26 janvier 2024",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0069/"
    }
  ],
  "reference": "CERTFR-2024-ALE-002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-12T00:00:00.000000"
    },
    {
      "description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2024-0402",
      "revision_date": "2024-01-29T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2024-02-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour du 29 janvier 2024\\]\u003c/strong\u003e\n\u003c/span\u003e\n\nLe 25 janvier 2024, l\u0027\u00e9diteur a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant\nplusieurs vuln\u00e9rabilit\u00e9s affectant GitLab CE et EE.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2024-0402 est consid\u00e9r\u00e9e critique avec un score\nCVSSv3 de 9,9. Elle permet \u00e0 un attaquant authentifi\u00e9 d\u0027\u00e9crire des\nfichiers \u00e0 un emplacement arbitraire.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 11 janvier 2024, l\u0027\u00e9diteur a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant\nplusieurs vuln\u00e9rabilit\u00e9s affectant GitLab CE et EE.\n\nLa plus critique est la vuln\u00e9rabilit\u00e9 CVE-2023-7028. Elle permet \u00e0 un\nattaquant non authentifi\u00e9 d\u0027envoyer un courriel de r\u00e9initialisation de\nmot de passe de n\u0027importe quel utilisateur \u00e0 une adresse arbitraire.\nL\u0027attaquant peut ainsi, par le biais d\u0027une simple requ\u00eate HTTP POST,\nprendre le contr\u00f4le d\u0027un compte dont il connaitrait le courriel.\n\nLe score CVSSv3 de la vuln\u00e9rabilit\u00e9 CVE-2023-7028 est de 10 (sur 10).\nSon exploitation est triviale et le CERT-FR anticipe la publication de\ncodes d\u0027exploitations publics dans les heures \u00e0 venir.\n\nL\u0027\u00e9diteur recommande de v\u00e9rifier:\n\n-   dans le journal d\u0027activit\u00e9 \"gitlab-rails/production_json.log\", la\n    pr\u00e9sence de requ\u00eates HTTP, sur le chemin \"/users/password\",\n    contenant plusieurs adresses courriel;\n-   dans le journal d\u0027activit\u00e9 \"gitlab-rails/audit_json.log\", la\n    pr\u00e9sence d\u0027identifiants correspondant \u00e0 \"PasswordsController#create\"\n    avec des \"target_details\" compos\u00e9 d\u0027un tableau comprenant plusieurs\n    adresses courriel.\n\nLe CERT-FR recommande donc d\u0027appliquer les correctifs dans les plus\nbrefs d\u00e9lais et d\u0027activer l\u0027authentification \u00e0 multiples facteurs,\nnotamment sur les comptes \u00e0 hauts privil\u00e8ges.\n",
  "title": "[M\u00e0J] Multiples Vuln\u00e9rabilit\u00e9s dans GitLab",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab du 11 janvier 2024",
      "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab du 25 janvier 2024",
      "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
    }
  ]
}

CERTFR-2024-ALE-002

Vulnerability from certfr_alerte - Published: - Updated:

[Mise à jour du 29 janvier 2024]

Le 25 janvier 2024, l'éditeur a publié un avis de sécurité concernant plusieurs vulnérabilités affectant GitLab CE et EE.

La vulnérabilité CVE-2024-0402 est considérée critique avec un score CVSSv3 de 9,9. Elle permet à un attaquant authentifié d'écrire des fichiers à un emplacement arbitraire.

[Publication initiale]

Le 11 janvier 2024, l'éditeur a publié un avis de sécurité concernant plusieurs vulnérabilités affectant GitLab CE et EE.

Le score CVSSv3 de la vulnérabilité CVE-2023-7028 est de 10 (sur 10). Son exploitation est triviale et le CERT-FR anticipe la publication de codes d'exploitations publics dans les heures à venir.

L'éditeur recommande de vérifier:

dans le journal d'activité "gitlab-rails/production_json.log", la présence de requêtes HTTP, sur le chemin "/users/password", contenant plusieurs adresses courriel;
dans le journal d'activité "gitlab-rails/audit_json.log", la présence d'identifiants correspondant à "PasswordsController#create" avec des "target_details" composé d'un tableau comprenant plusieurs adresses courriel.

Le CERT-FR recommande donc d'appliquer les correctifs dans les plus brefs délais et d'activer l'authentification à multiples facteurs, notamment sur les comptes à hauts privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

[Mise à jour du 29 janvier 2024]

Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x antérieures à 16.1.6
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x antérieures à 16.2.9
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x antérieures à 16.3.7
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x antérieures à 16.4.5
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x antérieures à 16.5.8
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x antérieures à 16.6.6
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x antérieures à 16.7.4
Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.8.x antérieures à 16.8.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité GitLab du 11 janvier 2024	None	vendor-advisory
Bulletin de sécurité GitLab du 25 janvier 2024	None	vendor-advisory
Avis CERT-FR CERTFR-2024-AVI-0030 du 12 janvier 2024	-	other
Avis CERT-FR CERTFR-2024-AVI-0069 du 26 janvier 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003e\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e[Mise \u00e0 jour du 29 janvier 2024] \u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e \u003cp\u003e\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003eLes versions des syst\u00e8mes affect\u00e9s ont \u00e9t\u00e9 mises \u00e0 jour \u00e0 la suite du nouveau bulletin de s\u00e9curit\u00e9 du 25 janvier 2024. Les versions 16.5.6, 16.6.4 et 16.7.2 initialement recommand\u00e9es ne doivent plus \u00eatre utilis\u00e9es.\u003cbr /\u003e \u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e \u003cul\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.9\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.7\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.5\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.8\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.6\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x ant\u00e9rieures \u00e0 16.7.4\u003c/li\u003e \u003cli\u003eGitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.8.x ant\u00e9rieures \u00e0 16.8.1\u003c/li\u003e \u003c/ul\u003e ",
  "closed_at": "2024-02-22",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0402"
    },
    {
      "name": "CVE-2023-7028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7028"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2024-AVI-0030 du 12 janvier 2024",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0030/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2024-AVI-0069 du 26 janvier 2024",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0069/"
    }
  ],
  "reference": "CERTFR-2024-ALE-002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-12T00:00:00.000000"
    },
    {
      "description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2024-0402",
      "revision_date": "2024-01-29T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2024-02-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour du 29 janvier 2024\\]\u003c/strong\u003e\n\u003c/span\u003e\n\nLe 25 janvier 2024, l\u0027\u00e9diteur a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant\nplusieurs vuln\u00e9rabilit\u00e9s affectant GitLab CE et EE.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2024-0402 est consid\u00e9r\u00e9e critique avec un score\nCVSSv3 de 9,9. Elle permet \u00e0 un attaquant authentifi\u00e9 d\u0027\u00e9crire des\nfichiers \u00e0 un emplacement arbitraire.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 11 janvier 2024, l\u0027\u00e9diteur a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant\nplusieurs vuln\u00e9rabilit\u00e9s affectant GitLab CE et EE.\n\nLa plus critique est la vuln\u00e9rabilit\u00e9 CVE-2023-7028. Elle permet \u00e0 un\nattaquant non authentifi\u00e9 d\u0027envoyer un courriel de r\u00e9initialisation de\nmot de passe de n\u0027importe quel utilisateur \u00e0 une adresse arbitraire.\nL\u0027attaquant peut ainsi, par le biais d\u0027une simple requ\u00eate HTTP POST,\nprendre le contr\u00f4le d\u0027un compte dont il connaitrait le courriel.\n\nLe score CVSSv3 de la vuln\u00e9rabilit\u00e9 CVE-2023-7028 est de 10 (sur 10).\nSon exploitation est triviale et le CERT-FR anticipe la publication de\ncodes d\u0027exploitations publics dans les heures \u00e0 venir.\n\nL\u0027\u00e9diteur recommande de v\u00e9rifier:\n\n-   dans le journal d\u0027activit\u00e9 \"gitlab-rails/production_json.log\", la\n    pr\u00e9sence de requ\u00eates HTTP, sur le chemin \"/users/password\",\n    contenant plusieurs adresses courriel;\n-   dans le journal d\u0027activit\u00e9 \"gitlab-rails/audit_json.log\", la\n    pr\u00e9sence d\u0027identifiants correspondant \u00e0 \"PasswordsController#create\"\n    avec des \"target_details\" compos\u00e9 d\u0027un tableau comprenant plusieurs\n    adresses courriel.\n\nLe CERT-FR recommande donc d\u0027appliquer les correctifs dans les plus\nbrefs d\u00e9lais et d\u0027activer l\u0027authentification \u00e0 multiples facteurs,\nnotamment sur les comptes \u00e0 hauts privil\u00e8ges.\n",
  "title": "[M\u00e0J] Multiples Vuln\u00e9rabilit\u00e9s dans GitLab",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab du 11 janvier 2024",
      "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab du 25 janvier 2024",
      "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
    }
  ]
}

GHSA-MGG5-84CV-FC3C

Vulnerability from github – Published: 2024-01-12 15:30 – Updated: 2025-10-22 00:32

Details

Severity ?

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-7028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T14:15:49Z",
    "severity": "CRITICAL"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.",
  "id": "GHSA-mgg5-84cv-fc3c",
  "modified": "2025-10-22T00:32:58Z",
  "published": "2024-01-12T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7028"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2293343"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2024-0077

Vulnerability from csaf_certbund - Published: 2024-01-11 23:00 - Updated: 2024-01-11 23:00

Summary

GitLab: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

GitLab ist eine Webanwendung zur Versionsverwaltung für Softwareprojekte auf Basis von git.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Benutzerrechte zu erlangen, Daten zu manipulieren und um Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GitLab ist eine Webanwendung zur Versionsverwaltung f\u00fcr Softwareprojekte auf Basis von git.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in GitLab ausnutzen, um Benutzerrechte zu erlangen, Daten zu manipulieren und um Sicherheitsma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0077 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0077.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0077 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0077"
      },
      {
        "category": "external",
        "summary": "GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 vom 2024-01-11",
        "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
      },
      {
        "category": "external",
        "summary": "CVE-2023-7028 PoC",
        "url": "https://twitter.com/h4x0r_dz/status/1745722638809305440"
      }
    ],
    "source_lang": "en-US",
    "title": "GitLab: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:35.963+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0077",
      "initial_release_date": "2024-01-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source GitLab \u003c 16.7.2",
                "product": {
                  "name": "Open Source GitLab \u003c 16.7.2",
                  "product_id": "T032016",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:16.7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source GitLab \u003c 16.6.4",
                "product": {
                  "name": "Open Source GitLab \u003c 16.6.4",
                  "product_id": "T032017",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:16.6.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source GitLab \u003c 16.5.6",
                "product": {
                  "name": "Open Source GitLab \u003c 16.5.6",
                  "product_id": "T032018",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:16.5.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GitLab"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7028",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in GitLab. In der Passwort-Reset Funktion k\u00f6nnen mehrere E-Mail Adressen per URL Manipulation \u00fcbergeben werden. Solange eine dieser Adressen zu einem g\u00fcltigen Benutzerkonto geh\u00f6rt, wird das Passwort-Reset-Token an alle angegebenen Adressen gesendet. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um beliebige Nutzerkonten zu \u00fcbernehmen, wenn diese nicht mit Mehrfaktor-Authentisierung abgesichert sind."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2023-7028"
    },
    {
      "cve": "CVE-2023-5356",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in GitLab aufgrund unsachgem\u00e4\u00dfer Autorisierungspr\u00fcfungen bez\u00fcglich der Slack/Mattermost Integration. Ein authentisierter Angreifer kann dies ausnutzen, um \"Slash\" Befehle als ein anderer Nutzer auszuf\u00fchren."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2023-5356"
    },
    {
      "cve": "CVE-2023-4812",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in GitLab. Die erforderliche CODEOWNERS-Genehmigung kann umgangen werden, indem \u00c4nderungen zu einem bereits genehmigten \"Merge Request\" hinzugef\u00fcgt werden. Ein Angreifer kann dadurch Sicherheitsmechanismen umgehen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2023-4812"
    },
    {
      "cve": "CVE-2023-6955",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt eine Schwachstelle in GitLab aufgrund einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese umgehen und anschlie\u00dfend einen Arbeitsbereich in einer Gruppe erstellen, der mit einem Agenten aus einer anderen Gruppe verbunden ist."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2023-6955"
    },
    {
      "cve": "CVE-2023-2030",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in GitLab. Ein Angreifer kann diese ausnutzen, um die Metadaten von signierten Commits zu \u00e4ndern."
        }
      ],
      "release_date": "2024-01-11T23:00:00.000+00:00",
      "title": "CVE-2023-2030"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-7028 (GCVE-0-2023-7028)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Vulnerability from bitnami_vulndb

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature