CVE-2023-7028
Published 2024-01-12
Priority P1 · 97 · critical · 9.8 CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability · due 2024-05-22
Exploited in the wild
EPSS 94.95% · 99.9th percentile
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 16.4.5+ds2-1 (sid) | gitlab 16.4.5+ds2-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 16.1 < 16.1.6 | 16.1.6 |
| gitlab | gitlab | >= 16.1.0 < 16.1.6 | 16.1.6 |
| gitlab | gitlab | >= 16.2 < 16.2.9 | 16.2.9 |
| gitlab | gitlab | >= 16.2.0 < 16.2.9 | 16.2.9 |
| gitlab | gitlab | >= 16.3 < 16.3.7 | 16.3.7 |
| gitlab | gitlab | >= 16.3.0 < 16.3.7 | 16.3.7 |
| gitlab | gitlab | >= 16.4 < 16.4.5 | 16.4.5 |
| gitlab | gitlab | >= 16.4.0 < 16.4.5 | 16.4.5 |
| gitlab | gitlab | >= 16.5 < 16.5.6 | 16.5.6 |
| gitlab | gitlab | >= 16.5.0 < 16.5.6 | 16.5.6 |
| gitlab | gitlab | >= 16.6 < 16.6.4 | 16.6.4 |
| gitlab | gitlab | >= 16.6.0 < 16.6.4 | 16.6.4 |
| gitlab | gitlab | >= 16.7 < 16.7.2 | 16.7.2 |
| gitlab | gitlab | >= 16.7.0 < 16.7.2 | 16.7.2 |
| gitlab | gitlab_ce | — | — |
Detection & IOCs (extracted from sources)
- Check production_json.log for password reset requests sent to multiple (attacker-controlled) email addresses in a JSON array
- Check audit_json.log for PasswordsController#create caller entries where target_details is a JSON array with multiple email addresses
- Rotate all credentials, API tokens, and certificates on any instance found to be compromised, and check for modifications in developer environments including source code and potentially tampered files
- 2FA protects against full account takeover: password reset is possible but the second factor is still required for login, so accounts with 2FA enabled cannot be fully hijacked via this vulnerability alone
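The two log checks above can be scripted. The following is an added example, not code from GitLab or any source quoted on this page; the JSON field layout (`path`, `params` as key/value pairs, `remote_ip`, `meta.caller_id`, `target_details`) is an assumption about the log schema, and the sample lines are constructed.

```python
import json

# Constructed sample lines (not real log data). The field layout is an
# assumption about GitLab's JSON logs; adjust the accessors for your instance.
SAMPLE_PRODUCTION = [
    '{"method":"POST","path":"/users/password","remote_ip":"203.0.113.7",'
    '"params":[{"key":"user","value":{"email":["dev@corp.example","x@other.example"]}}]}',
    '{"method":"POST","path":"/users/password","remote_ip":"198.51.100.4",'
    '"params":[{"key":"user","value":{"email":"dev@corp.example"}}]}',
    '{"method":"GET","path":"/users/sign_in","remote_ip":"198.51.100.4","params":[]}',
    'not json at all',
]
SAMPLE_AUDIT = [
    '{"meta.caller_id":"PasswordsController#create",'
    '"target_details":["dev@corp.example","x@other.example"]}',
    '{"meta.caller_id":"PasswordsController#create","target_details":"dev@corp.example"}',
    '{"meta.caller_id":"SessionsController#create","target_details":"dev"}',
]


def _emails(value):
    """Return the addresses if value is (or encodes) a JSON array, else []."""
    if isinstance(value, str) and value.lstrip().startswith("["):
        try:
            value = json.loads(value)
        except ValueError:
            return []
    if isinstance(value, list):
        return [v for v in value if isinstance(v, str)]
    return []


def _records(lines):
    """Yield (line_number, dict) for each parseable JSON object line."""
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        if isinstance(rec, dict):
            yield n, rec


def scan_production(lines):
    """Flag password reset requests whose email parameter is a multi-entry array."""
    hits = []
    for n, rec in _records(lines):
        # endswith() also matches instances served under a relative URL root
        if not str(rec.get("path", "")).rstrip("/").endswith("/users/password"):
            continue
        for p in rec.get("params") or []:
            if isinstance(p, dict) and p.get("key") == "user" and isinstance(p.get("value"), dict):
                emails = _emails(p["value"].get("email"))
                if len(emails) > 1:
                    hits.append({"line": n, "remote_ip": rec.get("remote_ip"), "emails": emails})
    return hits


def scan_audit(lines):
    """Flag PasswordsController#create audit entries with multiple target addresses."""
    hits = []
    for n, rec in _records(lines):
        if rec.get("meta.caller_id") != "PasswordsController#create":
            continue
        emails = _emails(rec.get("target_details"))
        if len(emails) > 1:
            hits.append({"line": n, "emails": emails})
    return hits


if __name__ == "__main__":
    for hit in scan_production(SAMPLE_PRODUCTION) + scan_audit(SAMPLE_AUDIT):
        print(hit)
```

Any hit identifies an account whose reset link may have gone to a second address; follow up with the credential rotation step listed above.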
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv · 9.8 CRITICAL
- vulncheck · 10.0 CRITICAL
- cisa · 9.8 CRITICAL
- vendor_debian · 10.0 CRITICAL
GHSA
GHSA-mgg5-84cv-fc3c: An issue has been discovered in GitLab CE/EE affecting all versions from 16
ghsa_unreviewed·2024-01-12
CVE-2023-7028 [CRITICAL] CWE-284 GHSA-mgg5-84cv-fc3c: An issue has been discovered in GitLab CE/EE affecting all versions from 16
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
OSV
CVE-2023-7028: An issue has been discovered in GitLab CE/EE affecting all versions from 16
osv·2024-01-12·CVSS 9.8
CVE-2023-7028 [CRITICAL] CVE-2023-7028: An issue has been discovered in GitLab CE/EE affecting all versions from 16
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
VulnCheck
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
vulncheck·2023·CVSS 10.0
CVE-2023-7028 [CRITICAL] CWE-284 GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
Affected: GitLab GitLab CE/EE
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.ptsecurity.com/ru-ru/research/analytics/aktualnye-kiberugrozy-ii-kvartal-2024-goda/; https://www.ptsecurity.com/ww-en/analytics/data-leaks-current-threats-for-companies-in-H1-2024/; https://app.crowdsec.n
CISA
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
cisa·2024-05-01·CVSS 9.8
CVE-2023-7028 [CRITICAL] CWE-284 GitLab Community and Enterprise Editions Improper Access Control Vulnerability
Vulnerability: GitLab Community and Enterprise Editions Improper Access Control Vulnerability
Affected: GitLab GitLab CE/EE
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-7028
Remediation Due Date: 2024-05-22
GitLab
CVE-2023-7028: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior
vendor_gitlab·2024-01-12·CVSS 10.0
CVE-2023-7028 [CRITICAL] CWE-640 CVE-2023-7028: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior
CVE-2023-7028: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
CISA KEV: GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Debian
CVE-2023-7028: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 pr...
vendor_debian·2023·CVSS 10.0
CVE-2023-7028 [CRITICAL] CVE-2023-7028: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 pr...
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Scope: local
sid: resolved (fixed in 16.4.5+ds2-1)
Suricata
ET WEB_SPECIFIC_APPS Gitlab Account Takeover Attempt (CVE-2023-7028)
suricata·2024-01-16·CVSS 10.0
CVE-2023-7028 [CRITICAL] ET WEB_SPECIFIC_APPS Gitlab Account Takeover Attempt (CVE-2023-7028)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Gitlab Account Takeover Attempt (CVE-2023-7028)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/users/password"; http.request_body; content:"authenticity_token|3d|"; startswith; pcre:"/^[A-Za-z0-9_]{86}/R"; content:"&user%5Bemail%5D%5B%5D|3d|"; fast_pattern; nocase; content:"&user%5Bemail%5D%5B%5D|3d|"; within:100; reference:url,attackerkb.com/topics/VBDvNxhyjr/cve-2023-7028; reference:cve,2023-7028; classtype:attempted-admin; sid:2050097; rev:2; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2024_01_16, cve CVE_2023_7028, deployment Perimeter, deployment Internal, deploym
Exploit-DB
GitLab CE/EE < 16.7.2 - Password Reset
exploitdb·2024-03-14·CVSS 10.0
CVE-2023-7028 [CRITICAL] GitLab CE/EE < 16.7.2 - Password Reset
---
# Exploit Title: GitLab CE/EE < 16.7.2 - Password Reset
# Exploit Author: Sebastian Kriesten (0xB455)
# Twitter: https://twitter.com/0xB455
# Date: 2024-01-12
# Vendor Homepage: gitlab.com
# Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
# Version: <16.7.2, <16.6.4, <16.5.6
# CVE: CVE-2023-7028
Proof of Concept:
user[email][][email protected]&user[email][][email protected]
Metasploit
GitLab Password Reset Account Takeover
metasploit
This module exploits an account-take-over vulnerability that allows users
to take control of a gitlab account without user interaction.
The vulnerability lies in the password reset functionality. It's possible to provide 2 emails
and the reset code will be sent to both. It is therefore possible to provide the e-mail
address of the target account as well as that of one we control, and to reset the password.
2-factor authentication prevents this vulnerability from being exploitable. There is no
discernable difference between a vulnerable and non-vulnerable server response.
Vulnerable versions include:
16.1 < 16.1.6,
16.2 < 16.2.9,
16.3 < 16.3.7,
16.4 < 16.4.5,
16.5 < 16.5.6,
16.6 < 16.6.4,
and 16.7 < 16.7.2.
Nuclei
GitLab - Account Takeover via Password Reset
nuclei·CVSS 9.8
CVE-2023-7028 [CRITICAL] GitLab - Account Takeover via Password Reset
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Template:
```yaml
id: CVE-2023-7028
info:
  name: GitLab - Account Takeover via Password Reset
  author: DhiyaneshDk,rootxharsh,iamnooob,pdresearch
  severity: high
  description: |
    An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password
```
arXiv
Efficacy of EPSS in High Severity CVEs found in KEV
arxiv_fulltext·2024-11-04
## Abstract
The Exploit Prediction Scoring System (EPSS) is designed to assess the probability of a vulnerability being exploited in the next 30 days relative to other vulnerabilities. The latest version, based on a research paper published in arXiv , assists defenders in deciding which vulnerabilities to prioritize for remediation. This study evaluates EPSS's ability to predict exploitation before vulnerabilities are actively compromised, focusing on high severity CVEs that are known to have been exploited and included in the CISA KEV catalog. By analyzing EPSS score history, the availability and simplicity of exploits, the system's purpose, its value as a target for Threat Actors (TAs), this paper examines EPSS's potential and identifies ar
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Raveen Kanishka Jayalath* (University of Adelaide, Australia)
Hussain Ahmad* (University of Adelaide, Australia)
Diksha Goel (CSIRO's Data61, Australia)
Muhammad Shuja Syed (SLB, USA)
Faheem Ullah (University of Adelaide, Australia)
*Authors contributed equally to this work. Corresponding author.
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
Greynoiseio
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
blogs_greynoiseio·2025-02-26·CVSS 9.8
[CRITICAL] GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
Qualys
Defense Lessons From the Black Basta Ransomware Playbook
blogs_qualys·2025-02-25
The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black Basta’s tactics, operations, and leadership.
We’ve analyzed these newly unveiled tactics, and in this blog, we equip security teams with clear, actionable insights. We aim to highlight the key lessons learned—like immediate patching, tighter access controls, and rapid incident response—and provide an urgent call to action. This practical guide aims to help organizations strengthen their defenses against evolving
Bleepingcomputer
High-severity GitLab flaw lets attackers take over accounts
blogs_bleepingcomputer·2024-05-23·CVSS 5.4
CVE-2024-4835 [MEDIUM] High-severity GitLab flaw lets attackers take over accounts
## High-severity GitLab flaw lets attackers take over accounts
## Sergiu Gatlan
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.
The security flaw (tracked as CVE-2024-4835 ) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages.
While they can exploit this vulnerability in attacks that don't require authentication, user interaction is still needed, increasing the attacks' complexity.
"Today, we are releasing versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community Edition (CE) and Enterprise Edition (EE)," GitLab said .
"These versions contain important bug and security fixes, and we strongly re
Bleepingcomputer
CISA says GitLab account takeover bug is actively exploited in attacks
blogs_bleepingcomputer·2024-05-01·CVSS 10.0
[CRITICAL] CISA says GitLab account takeover bug is actively exploited in attacks
## CISA says GitLab account takeover bug is actively exploited in attacks
## Sergiu Gatlan
CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets.
GitLab hosts sensitive data, including proprietary code and API keys, and account hijacking can have a significant impact. Successful exploitation can also lead to supply chain attacks that can compromise repositories by inserting malicious code in CI/CD (Continuous Integration/Continuous Deployment) environments.
Tracked as CVE-2023-7028 , the security flaw is due to an improper access control weakness that can allow remote unauthenticated threat actors to send password reset emails to email accounts under their control to change the passwo
Wiz
Crying Out Cloud - February Newsletter | Wiz
blogs_wiz·2024-02-01·CVSS 9.8
CVE-2023-33246 [CRITICAL] Crying Out Cloud - February Newsletter | Wiz
This month we’ve seen a lot of action, with both vulnerabilities and security incidents that have left users affected. We bring you the latest cloud security highlights, to help you stay informed and stay secure. Let's dive in.
Here are our top picks!
## 🐞 High Profile Vulnerabilities
Apache RocketMQ RCE vulnerability exploited in-the-wild
In August 2023 researchers identified attackers exploiting CVE-2023-33246, a critical vulnerability in Apache RocketMQ, to install the DreamBus bot, a malware strain last reported about publicly in 2021. On January 5, 2024 Apache stated that the patch for CVE-2023-33246 was in fact insufficient, and an additional CVE was assigned to the bypass - CVE-2023-37582. The latter vulnerability is also being exploited in the wild, so it is recommended to patc
Bleepingcomputer
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
blogs_bleepingcomputer·2024-01-24·CVSS 10.0
CVE-2023-7028 [CRITICAL] Over 5,300 GitLab servers exposed to zero-click account takeover attacks
## Over 5,300 GitLab servers exposed to zero-click account takeover attacks
## Bill Toulas
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
The critical (CVSS score: 10.0) flaw allows attackers to send password reset emails for a targeted account to an attacker-controlled email address, allowing the threat actor to change the password and take over the account.
Although the flaw does not bypass two-factor authentication (2FA), it is a significant risk for any accounts not protected by this extra security mechanism.
The issue impacts GitLab Community and Enterprise Edition versions 16.1 before 16.1.5, 16.2 before 16.2.8, 16.3 before 16.3.6, 16.4 before 16.4.4, 16.5 before 16.5.6, 16.
Checkpoint
15th January – Threat Intelligence Report
blogs_checkpoint·2024-01-15
CVE-2023-46805 15th January – Threat Intelligence Report
## 15th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 15th January, please download our Threat_Intelligence Bulletin .
TOP ATTACKS AND BREACHES
The ransomware-as-a-service group Medusa has breached Water for People nonprofit organization, which aims to improve access to clean water in different countries including Guatemala, Honduras, Mozambique and India. The cybercriminals are asking for a $300K extortion fee to not leak the stolen data. The organization says i
Bleepingcomputer
GitLab warns of critical zero-click account hijacking vulnerability
blogs_bleepingcomputer·2024-01-12·CVSS 10.0
[CRITICAL] GitLab warns of critical zero-click account hijacking vulnerability
## GitLab warns of critical zero-click account hijacking vulnerability
## Bill Toulas
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
The vendor strongly recommends updating as soon as possible all vulnerable versions of the DevSecOps platform (manual update required for self-hosted installations) and warns that if there is "no specific deployment type (omnibus, source code, helm chart, etc.) of a product is mentioned, this means all types are affected.”
## Vulnerability details
The most critical security issue GitLab patched has the maximum severity score (10 out of 10) and is being tracked as CVE-2023-7028. Successful exploitation does not requ
Sentinelone
Black Basta
blogs_sentinelone·2022-11-30
Black Basta
Sentinelone
Black Basta
blogs_sentinelone
Black Basta
# Black Basta Ransomware: In-Depth Analysis, Detection, and Mitigation
## Summary of Black Basta Ransomware
Black Basta first emerged in early 2022. The ransomware family is an evolution of the Hermes/Ryuk/Conti families. Black Basta was heavily advertised in underground cybercrime markets. Black Basta practices double extortion – demanding payment for a decryptor, as well as for the non-release of stolen data. There are Windows and Linux variants of Black Basta ransomware. The group is responsible for hundreds of attacks against global targets of varying sectors.
February 2025 Update: Nearly a year’s worth of Black Basta chat logs have been released on Telegram, providing detailed insight into the group’s operational workflow, reconnaissance activities, and specific userID and details o
Greynoiseio
Storm⚡Watch: Unplugged
blogs_greynoiseio
Storm⚡Watch: Unplugged
- https://gitlab.com/gitlab-org/gitlab/-/issues/436084
- https://hackerone.com/reports/2293343
- https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028

Published: 2024-01-12
Added to CISA KEV: 2024-05-01
Exploited in the wild