Summary
GitLab addressed a critical vulnerability, CVE-2023-7028, affecting managed SaaS gitlab.com instance as well as self-hosted versions 16.1 to 16.7.1. The flaw could allow account takeovers via unverified email password resets. Third party could intercept the password reset request, add their own email to the request and forward it. GitLab would then send the reset link to the added 3rd-party email. This is in effect an account takeover with only precondition of knowing victim email associated with the GitLab account.
Affected Services
N/A
Remediation
SaaS instance is patched. On self-hosted - update GitLab to the latest patched version (16.5.10, 16.8.10, or later) to mitigate the vulnerability.
Tracked CVEs
CVE-2023-7028
References
https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028https://gitlab.com/gitlab-org/gitlab/-/issues/436084
Contributed by https://github.com/sshayb
Entry Status
Finalized
Disclosure Date
Wed, Dec 20th, 2023
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
Monitor for unauthorized access attempts or unexpected password reset requests. Review logs for suspicious activity related to account authentication and password resets.
Piercing Index Rating
-
Discovered by
asterion04, GitLab
