GitLab addressed a critical vulnerability, CVE-2023-7028 (CVSS 10.0), affecting the managed SaaS instance gitlab.com as well as self-hosted GitLab CE/EE 16.1.0 through 16.7.1. The flaw allows account takeover through password reset emails delivered to an unverified address: the password reset form accepted the email parameter as an array, so an attacker could submit a reset request naming the victim's email together with an attacker-controlled address, and GitLab would send the reset link to both. No interception of the victim's traffic is needed; the only precondition is knowing the email address associated with the victim's GitLab account. Accounts with two-factor authentication enabled were protected from full takeover: the password could still be reset, but login still required the second factor.
Affected Services
N/A
Remediation
The SaaS instance gitlab.com is already patched. On self-hosted instances, update to a patched release: 16.7.2, 16.6.4, or 16.5.6, or one of the backported fixes 16.4.5, 16.3.7, 16.2.9, or 16.1.6. GitLab also recommends enabling two-factor authentication for all accounts, especially those with elevated privileges such as administrators.
Monitor for unexpected password reset requests and unauthorized access. On self-hosted instances, review gitlab-rails/production_json.log for POST requests to /users/password whose email parameter is a JSON array with more than one address, and gitlab-rails/audit_json.log for PasswordsController#create entries whose target_details lists more than one email address. A single reset request should carry exactly one address; any multi-address entry is an exploitation attempt, and the targeted account should be treated as compromised: reset its password and rotate any personal access tokens, SSH keys, and CI/CD variables it could reach.
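The log check above, as an added example (not GitLab's code or part of the original advisory): a small Python scan over production_json.log lines that flags password reset POSTs whose email parameter carried more than one address. The field layout assumed here (a top-level `method`, `path`, `time`, `remote_ip`, and `params` as a list of `{"key", "value"}` objects with the reset form's `user` param holding `{"email": ...}`) approximates GitLab's JSON request log; the sample lines are constructed for this example and are not real log data.

```python
"""Flag multi-recipient password reset requests in GitLab production_json.log.

Each line of production_json.log is one JSON object. The fields used here
(method, path, time, remote_ip, params as a list of {"key","value"} pairs)
approximate GitLab's request log; field names are an assumption for this
example. SAMPLE_LOG below is constructed, not captured from a real instance.
"""
import json
from typing import Any, Dict, Iterable, List


def extract_emails(params: Any) -> List[str]:
    """Return the email value(s) of the `user` param, always as a list.

    The reset form posts user[email]; a legitimate request carries one string,
    while the CVE-2023-7028 abuse pattern carries a JSON array of addresses.
    """
    for p in params or []:
        if p.get("key") == "user" and isinstance(p.get("value"), dict):
            email = p["value"].get("email")
            if isinstance(email, list):
                return [str(e) for e in email]
            if isinstance(email, str):
                return [email]
    return []


def suspicious_reset_requests(lines: Iterable[str]) -> List[Dict[str, Any]]:
    """Return password-reset POSTs whose email parameter held more than one address.

    Only POST /users/password (PasswordsController#create) is considered; the
    GET that renders the form and the GET that consumes the reset token are
    ignored. Non-JSON lines are skipped rather than aborting the scan.
    """
    hits: List[Dict[str, Any]] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate noise such as truncated or non-JSON lines
        if entry.get("method") != "POST" or entry.get("path") != "/users/password":
            continue
        emails = extract_emails(entry.get("params"))
        if len(emails) > 1:
            hits.append({
                "time": entry.get("time"),
                "remote_ip": entry.get("remote_ip"),
                "emails": emails,
            })
    return hits


# Constructed sample lines: one legitimate reset, one abuse attempt, one
# unrelated request, and one non-JSON line.
SAMPLE_LOG = [
    '{"method":"POST","path":"/users/password","controller":"PasswordsController",'
    '"action":"create","status":302,"time":"2024-01-12T09:14:02.117Z",'
    '"params":[{"key":"authenticity_token","value":"[FILTERED]"},'
    '{"key":"user","value":{"email":"alice@example.com"}}],"remote_ip":"198.51.100.20"}',
    '{"method":"POST","path":"/users/password","controller":"PasswordsController",'
    '"action":"create","status":302,"time":"2024-01-12T09:15:47.902Z",'
    '"params":[{"key":"authenticity_token","value":"[FILTERED]"},'
    '{"key":"user","value":{"email":["victim@example.com","attacker@example.net"]}}],'
    '"remote_ip":"203.0.113.7"}',
    '{"method":"GET","path":"/users/sign_in","controller":"SessionsController",'
    '"action":"new","status":200,"time":"2024-01-12T09:16:01.004Z","params":[],'
    '"remote_ip":"198.51.100.21"}',
    'not a json line',
]


if __name__ == "__main__":
    for hit in suspicious_reset_requests(SAMPLE_LOG):
        print(f"{hit['time']} {hit['remote_ip']} reset requested for {hit['emails']}")
```

To run it against a real instance, replace `SAMPLE_LOG` with `open("/var/log/gitlab/gitlab-rails/production_json.log")`; the function takes any iterable of lines, so it streams a large file without loading it into memory. Each hit's `remote_ip` and the victim address are the starting points for the credential rotation described above.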