Skip to main content
All vulnerabilities
CVE-2023-7028

GitLab Community and Enterprise Editions Improper Access Control Vulnerability

GitLabGitLab CE/EE

Added to KEV catalog
1 May 2024
Federal remediation due date
22 May 2024
Weakness classification (CWE)
CWE-284

CISA Description

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-7028

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services