⚠ Actively exploited

Added to CISA KEV on 2024-05-01. Federal agencies required to patch by 2024-05-22. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2023-7028 — Weak Password Recovery Mechanism for Forgotten Password in Gitlab

CWE-640 — Weak Password Recovery Mechanism for Forgotten Password CWE-284 — Improper Access Control24 documents17 sources

Severity

9.8CRITICALNVD

VulnCheck10.0

EPSS

93.5%

top 0.17%

CISA KEV

KEV

Added 2024-05-01

Due 2024-05-22

Exploit

Exploited in wild

Active exploitation observed

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJan 12

KEV addedMay 1

KEV dueMay 22

Latest updateFeb 26

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5gitlab/gitlab16.1 — 16.1.6+6

▶NVDgitlab/gitlab16.1.0 — 16.1.6+6

▶debiandebian/gitlab< gitlab 16.4.5+ds2-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-mgg5-84cv-fc3c: An issue has been discovered in GitLab CE/EE affecting all versions from 16↗2024-01-12

▶

OSV

CVE-2023-7028: An issue has been discovered in GitLab CE/EE affecting all versions from 16↗2024-01-12

▶

VulnCheck

GitLab Community and Enterprise Editions Improper Access Control Vulnerability↗2023

▶

💥Exploits & PoCs

Exploit-DB

GitLab CE/EE < 16.7.2 - Password Reset↗2024-03-14

▶

Metasploit

GitLab Password Reset Account Takeover↗

▶

Nuclei

GitLab - Account Takeover via Password Reset

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Gitlab Account Takeover Attempt (CVE-2023-7028)↗2024-01-16

▶

📋Vendor Advisories

CISA

GitLab Community and Enterprise Editions Improper Access Control Vulnerability↗2024-05-01

▶

GitLab

CVE-2023-7028: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior↗2024-01-12

▶

Debian

CVE-2023-7028: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 pr...↗2023

▶

🕵️Threat Intelligence

Greynoiseio

GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs↗2025-02-26

▶

Qualys

Defense Lessons From the Black Basta Ransomware Playbook↗2025-02-25

▶

Qualys

Defense Lessons From the Black Basta Ransomware Playbook | Qualys↗2025-02-25

▶

Bleepingcomputer

High-severity GitLab flaw lets attackers take over accounts↗2024-05-23

▶

Bleepingcomputer

CISA says GitLab account takeover bug is actively exploited in attacks↗2024-05-01

▶

📄Research Papers

arXiv

Efficacy of EPSS in High Severity CVEs found in KEV↗2024-11-04

▶

arXiv

Microservice Vulnerability Analysis: A Literature Review with Empirical Insights↗2024-07-31

▶