Critical GitLab Account Takeover Vulnerability

Published Wed, Apr 3rd, 2024

Platforms

gitlab

Summary

GitLab addressed a critical vulnerability, CVE-2023-7028, affecting the managed SaaS gitlab.com instance as well as self-hosted versions 16.1 to 16.7.1. The flaw could allow account takeovers via unverified email password resets. A third party could intercept a password reset request, add their own email address to it and forward it. GitLab would then send the reset link to the added third-party email address. This is in effect an account takeover whose only precondition is knowing the email address associated with the victim's GitLab account.
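To make the flaw concrete, the following added Ruby illustration (not GitLab's code; the request shape, account store and token format are assumptions) contrasts a reset handler that mails every address supplied in the request with one that only mails the verified address stored on the looked-up account:

```ruby
# Added illustration, not GitLab's code. Everything here is constructed:
# a hypothetical request hash, an in-memory account store and a placeholder token.

# Constructed account store: email => account record with its verified address.
ACCOUNTS = {
  "victim@example.com" => { id: 1, verified_email: "victim@example.com" },
}.freeze

# Record outgoing mail instead of sending it, so the behaviour can be inspected.
def deliver_reset(to, token)
  { to: to, token: token }
end

# Vulnerable pattern (the behaviour described in the advisory): the reset link is
# mailed to every address listed in the request, so an extra address appended by a
# third party also receives it.
def reset_vulnerable(params)
  emails = Array(params["email"])          # assumed param; may be a string or a list
  account = ACCOUNTS[emails.first]
  return [] unless account
  token = "reset-token-#{account[:id]}"    # constructed placeholder token
  emails.map { |e| deliver_reset(e, token) }
end

# Hardened pattern: reject multi-valued email input, look the account up by the
# submitted address, then mail only the verified address stored on the account.
def reset_hardened(params)
  emails = Array(params["email"])
  return [] if emails.size != 1            # one address per request, or nothing is sent
  account = ACCOUNTS[emails.first]
  return [] unless account
  token = "reset-token-#{account[:id]}"
  [deliver_reset(account[:verified_email], token)]
end
```

The hardened handler never lets request input decide where the link goes, which is the property the fix has to restore regardless of how the parameter is encoded.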

Affected Services

N/A

Remediation

The SaaS instance is patched. On self-hosted instances, update GitLab to the latest patched version (16.5.10, 16.8.10, or later) to mitigate the vulnerability.

Tracked CVEs

CVE-2023-7028

References

Contributed by https://github.com/sshayb

Entry Status

Finalized

Disclosure Date

Wed, Dec 20th, 2023

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

Monitor for unauthorized access attempts or unexpected password reset requests. Review logs for suspicious activity related to account authentication and password resets.

Piercing Index Rating

-

Discovered by

asterion04, GitLab