VDB
GCVE-110-CLOUD-2024-0045
GCVE-110-CLOUD-2024-0045
Advisory Published
GitLab addressed a critical vulnerability, CVE-2023-7028, affecting managed SaaS gitlab.com instance as well as self-hosted versions 16.1 to 16.7.1. The flaw could allow account takeovers via unverified email password resets. Third party could intercept the password reset request, add their own email to the request and forward it. GitLab would then send the reset link to the added 3rd-party email. This is in effect an account takeover with only precondition of knowing victim email associated with the GitLab account.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Oracle Cloud | Cloud Services | — | — |
| GitLab | Cloud Services | — | — |
Aliases
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.