VDB

GCVE-110-CLOUD-2024-0045

GCVE-110-CLOUD-2024-0045
Advisory Published
Vulnetix · Advisory published April 3, 2024
GitLab addressed a critical vulnerability, CVE-2023-7028, affecting managed SaaS gitlab.com instance as well as self-hosted versions 16.1 to 16.7.1. The flaw could allow account takeovers via unverified email password resets. Third party could intercept the password reset request, add their own email to the request and forward it. GitLab would then send the reset link to the added 3rd-party email. This is in effect an account takeover with only precondition of knowing victim email associated with the GitLab account.

Affected Products

VendorProductVersionsPlatforms
Oracle CloudCloud Services
GitLabCloud Services

References

advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›