Rewterz Threat Advisory – CVE-2023-7028 – GitLab Vulnerability

Severity

High

Analysis Summary

CVE-2023-7028

GitLab could allow a remote attacker to bypass security restrictions, caused by a flaw in the password reset mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to deliver password reset emails to an unverified email address, and use them to take over arbitrary accounts.

Impact

• Security Bypass

Indicators Of Compromise

CVE

• CVE-2023-7028

Affected Vendors

GitLab

Affected Products

• GitLab 16.1 Community Edition
• GitLab 16.1.5 Community Edition
• GitLab 16.2 Community Edition
• GitLab 16.2.8 Community Edition
• GitLab 16.3 Community Edition
• GitLab 16.3.6 Community Edition
• GitLab 16.4 Community Edition
• GitLab 16.4.4 Community Edition
• GitLab 16.5 Community Edition
• GitLab 16.5.5 Community Edition
• GitLab 16.6 Community Edition
• GitLab 16.6.3 Community Edition
• GitLab 16.7 Community Edition
• GitLab 16.7.1 Community Edition
• GitLab 16.1 Enterprise Edition
• GitLab 16.1.5 Enterprise Edition
• GitLab 16.2 Enterprise Edition
• GitLab 16.2.8 Enterprise Edition
• GitLab 16.3 Enterprise Edition
• GitLab 16.3.6 Enterprise Edition
• GitLab 16.4 Enterprise Edition
• GitLab 16.4.4 Enterprise Edition
• GitLab 16.5 Enterprise Edition
• GitLab 16.5.5 Enterprise Edition
• GitLab 16.6 Enterprise Edition
• GitLab 16.6.3 Enterprise Edition
• GitLab 16.7 Enterprise Edition
• GitLab 16.7.1 Enterprise Edition

Remediation

Refer to GitLab Website for patch, upgrade or suggested workaround information.

GitLab Website