VDB: CVE-2023-7028 (PUBLISHED, KEV)
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Risk Scores
- EPSS Score: 93.43% (99.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 16.1.0, 16.2.0, 16.3.0, 16.4.0, 16.6.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-7028 (circl-sighting)
- CIRCL exploited: CVE-2023-7028 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-7028 (circl-sighting)
…and 583 more exploits
Timeline
- CVE Published
- Jan 20, 1970 Metasploit Module
- Jan 20, 1970 Nuclei Template
- Jan 20, 1970 Fix Commit
- Jan 21, 1970 Security Advisory
- Jan 31, 2023 CrowdSec Sighting
- Jan 12, 2024 PoC Published
References
- https://hackerone.com/reports/2293343
- https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
- https://gitlab.com/gitlab-org/gitlab/-/issues/436084
- https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028
- https://nvd.nist.gov/vuln/detail/CVE-2023-7028
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028
- [Update] Multiple vulnerabilities in GitLab (advisory)