CVE-2023-7028

GitLab Community and Enterprise Editions Improper Access Control Vulnerability

  • Severity Score: 7.5 (CVSS v3.1)
  • Public Exploits: 12 (Multiple Sources)
  • Exploited in Wild: Yes (KEV)
  • Decision: Act (SSVC)

Descriptions

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

*Credits: Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program
CVSS Scores
| Metric | Score 1 | Score 2 |
|---|---|---|
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Changed |
| Confidentiality | High | High |
| Integrity | None | High |
| Availability | None | None |
* Common Vulnerability Scoring System
SSVC
  • Decision: Act
  • Exploitation: Active
  • Automatable: Yes
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2023-12-20 CVE Reserved
  • 2024-01-12 CVE Published
  • 2024-01-12 First Exploit
  • 2024-05-01 Exploited in Wild
  • 2024-05-22 KEV Due Date
  • 2024-10-03 CVE Updated
  • 2024-11-07 EPSS Updated
CWE
  • CWE-284: Improper Access Control
  • CWE-640: Weak Password Recovery Mechanism for Forgotten Password
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Gitlab | Gitlab | >= 16.1.0 < 16.1.6 | community | Affected |
| Gitlab | Gitlab | >= 16.1.0 < 16.1.6 | enterprise | Affected |
| Gitlab | Gitlab | >= 16.2.0 < 16.2.9 | community | Affected |
| Gitlab | Gitlab | >= 16.2.0 < 16.2.9 | enterprise | Affected |
| Gitlab | Gitlab | >= 16.3.0 < 16.3.7 | community | Affected |
| Gitlab | Gitlab | >= 16.3.0 < 16.3.7 | enterprise | Affected |
| Gitlab | Gitlab | >= 16.4.0 < 16.4.5 | community | Affected |
| Gitlab | Gitlab | >= 16.4.0 < 16.4.5 | enterprise | Affected |
| Gitlab | Gitlab | >= 16.5.0 < 16.5.6 | community | Affected |
| Gitlab | Gitlab | >= 16.5.0 < 16.5.6 | enterprise | Affected |
| Gitlab | Gitlab | >= 16.6.0 < 16.6.4 | community | Affected |
| Gitlab | Gitlab | >= 16.6.0 < 16.6.4 | enterprise | Affected |
| Gitlab | Gitlab | >= 16.7.0 < 16.7.2 | community | Affected |
| Gitlab | Gitlab | >= 16.7.0 < 16.7.2 | enterprise | Affected |