Severity
High
Analysis Summary
CVE-2023-7028
GitLab could allow a remote attacker to bypass security restrictions, caused by a flaw in the password reset mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to deliver password reset emails to an unverified email address, and use them to take over arbitrary accounts.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-7028
Affected Vendors
GitLab
Affected Products
- GitLab 16.1 Community Edition
- GitLab 16.1.5 Community Edition
- GitLab 16.2 Community Edition
- GitLab 16.2.8 Community Edition
- GitLab 16.3 Community Edition
- GitLab 16.3.6 Community Edition
- GitLab 16.4 Community Edition
- GitLab 16.4.4 Community Edition
- GitLab 16.5 Community Edition
- GitLab 16.5.5 Community Edition
- GitLab 16.6 Community Edition
- GitLab 16.6.3 Community Edition
- GitLab 16.7 Community Edition
- GitLab 16.7.1 Community Edition
- GitLab 16.1 Enterprise Edition
- GitLab 16.1.5 Enterprise Edition
- GitLab 16.2 Enterprise Edition
- GitLab 16.2.8 Enterprise Edition
- GitLab 16.3 Enterprise Edition
- GitLab 16.3.6 Enterprise Edition
- GitLab 16.4 Enterprise Edition
- GitLab 16.4.4 Enterprise Edition
- GitLab 16.5 Enterprise Edition
- GitLab 16.5.5 Enterprise Edition
- GitLab 16.6 Enterprise Edition
- GitLab 16.6.3 Enterprise Edition
- GitLab 16.7 Enterprise Edition
- GitLab 16.7.1 Enterprise Edition
Remediation
Refer to GitLab Website for patch, upgrade or suggested workaround information.