All vulnerabilities
CVE-2023-7028
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab — GitLab CE/EE
- Added to KEV catalog
- 1 May 2024
- Federal remediation due date
- 22 May 2024
- Weakness classification (CWE)
- CWE-284
CISA Description
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-7028
More GitLab Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services