CVE-2023-7028
Weak Password Recovery Mechanism for Forgotten Password in GitLab
In short
GitLab's password reset feature could send recovery emails to unverified email addresses, allowing attackers to take over accounts by changing passwords without proper verification.
Technical detail
A flaw in GitLab's password recovery mechanism (CWE-640) permits password reset tokens to be delivered to unverified email addresses without prior ownership validation. An attacker can register an account with a victim's email, receive the password reset link, and gain unauthorized access to the target account. This affects multiple GitLab versions across CE/EE deployments.
Summary generated and translated by AI from the official description.
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
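A defensive illustration of the missing check, added here as example code (not GitLab's own): a reset handler that delivers a token only to an address that is confirmed for the account, gives unknown and unconfirmed addresses the same outcome, and refuses non-string (for example array-valued) request parameters so a token can never be fanned out to extra addresses. The Account fixture, ACCOUNTS data and ResetDelivery class are constructed for this example.

```ruby
require 'securerandom'

# Constructed fixture: an account may have several addresses; the value says
# whether ownership of that address has been confirmed.
Account = Struct.new(:username, :emails)

ACCOUNTS = [
  Account.new('alice', { 'alice@example.com' => true,
                         'alice.alt@example.com' => false }),
].freeze

class ResetDelivery
  attr_reader :sent # records of [address, token] the handler "mailed"

  def initialize(accounts)
    @accounts = accounts
    @sent = []
  end

  # Returns :rejected (bad input), :ignored (no token delivered) or :sent.
  # The caller should show the same generic message for :ignored and :sent
  # so the endpoint does not reveal which addresses exist.
  def request_reset(param)
    # Only a single scalar string is accepted; form parsers may turn
    # "email[]=..." into an Array, which must never reach the mailer.
    return :rejected unless param.is_a?(String)

    address = param.strip.downcase
    account = @accounts.find { |a| a.emails.key?(address) }

    # Unknown address or address not yet confirmed: no token is issued.
    return :ignored if account.nil? || !account.emails[address]

    token = SecureRandom.urlsafe_base64(32)
    @sent << [address, token]
    :sent
  end
end
```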
Affected products
GitLab · GitLab
Public PoCs found — 14
github: github.com/Trackflaw/CVE-2023-7028-Docker (★ 3)
github: github.com/sariamubeen/CVE-2023-7028 (★ 3)
github: github.com/szybnev/CVE-2023-7028 (★ 2)
github: github.com/thanhlam-attt/CVE-2023-7028 (★ 2)
github: github.com/hackeremmen/gitlab-exploit (★ 1)
github: github.com/gh-ost00/CVE-2023-7028 (★ 1)
github: github.com/KameliaZaman/Exploiting-GitLab-CVE-2023-7028 (★ 0)
github: github.com/soltanali0/CVE-2023-7028 (★ 0)
github: github.com/yoryio/CVE-2023-7028 (★ 0)
github: github.com/Shimon03/CVE-2023-7028-Account-Take-Over-Gitlab (★ 0)
github: github.com/Sornphut/CVE-2023-7028-GitLab (★ 0)
github: github.com/mochammadrafi/CVE-2023-7028 (★ 0)
exploitdb: www.exploit-db.com/exploits/51889 (unverified)
cve_reference: hackerone.com/reports/2293343 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.