CVE-2023-7028 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-7028 PUBLISHED KEV

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

EPSS 93.54% · 99.8th percentile

Risk Scores

EPSS Score

93.54%

99.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	16.1.0, 16.2.0, 16.3.0
Bitnami	gitlab	16.1.0, 16.2.0, 16.3.0

Timeline

CVE Published
Jan 20, 1970 Metasploit Module
Jan 20, 1970 Nuclei Template
Jan 20, 1970 Fix Commit
Jan 21, 1970 Security Advisory
Jan 16, 2024 PoC Published
Jan 17, 2024 EPSS Score
Jan 24, 2024 EPSS Score
Feb 13, 2024 EPSS Score
Mar 12, 2024 EPSS Score
Mar 14, 2024 PoC Published
Mar 15, 2024 EPSS Score

References

Open in Interactive Console →