critical

Critical GitLab Account Takeover Vulnerability

Published Wed, Apr 3rd, 2024
Platforms

Summary

GitLab addressed a critical vulnerability, CVE-2023-7028, affecting the managed SaaS gitlab.com instance as well as self-hosted versions 16.1 to 16.7.1. The flaw could allow account takeovers via unverified email password resets. A third party could intercept the password reset request, add their own email address to the request and forward it. GitLab would then send the reset link to the added third-party email address as well. This is in effect an account takeover whose only precondition is knowing the email address associated with the victim's GitLab account.

Affected Services

N/A

Remediation

The SaaS instance is patched. On self-hosted instances, update GitLab to the latest patched version (16.5.10, 16.8.10, or later) to mitigate the vulnerability.

Tracked CVEs

CVE-2023-7028

References

Entry Status
Finalized
Disclosure Date
Wed, Dec 20th, 2023
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
Monitor for unauthorized access attempts or unexpected password reset requests. Review logs for suspicious activity related to account authentication and password resets.
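The summary above describes the attack as a password reset request carrying an additional, attacker-controlled email address alongside the victim's. A direct log-based check is therefore to flag reset requests whose email parameter holds more than one distinct address. The script below is an added example written for this entry, not code from GitLab or from the database maintainers. It assumes JSON-per-line request logs in the general shape of GitLab's production_json.log (a `path`, a `method`, and a `params` array of `key`/`value` objects); that field layout is an assumption and should be verified against your own instance. The log lines embedded in it are constructed samples.

```python
import json

# Constructed sample log lines (not real GitLab logs). The layout mirrors the
# assumed production_json.log shape: "path", "method", and a "params" array of
# {"key": ..., "value": ...} objects. Line 2 models the multi-email reset request
# described in the advisory; the others are benign or unrelated.
SAMPLE_LOG_LINES = [
    json.dumps({"time": "2024-01-12T10:00:01Z", "method": "POST", "path": "/users/password",
                "remote_ip": "203.0.113.5",
                "params": [{"key": "user", "value": {"email": "alice@example.com"}}]}),
    json.dumps({"time": "2024-01-12T10:00:02Z", "method": "POST", "path": "/users/password",
                "remote_ip": "198.51.100.7",
                "params": [{"key": "user",
                            "value": {"email": ["alice@example.com", "attacker@example.net"]}}]}),
    json.dumps({"time": "2024-01-12T10:00:03Z", "method": "GET", "path": "/users/sign_in",
                "remote_ip": "203.0.113.5", "params": []}),
    json.dumps({"time": "2024-01-12T10:00:04Z", "method": "POST", "path": "/users/password",
                "remote_ip": "203.0.113.9",
                "params": [{"key": "user", "value": {"email": ["bob@example.com"]}}]}),
    "this line is not json and is skipped",
]

# Path of the password reset endpoint (assumed from GitLab's public guidance).
PASSWORD_RESET_PATH = "/users/password"


def extract_reset_emails(record):
    """Return the email value(s) submitted in a password reset request.

    Returns None when the record is not a POST to the reset endpoint, and a
    (possibly empty) list of strings otherwise. A scalar email becomes a
    one-element list so callers can treat both forms uniformly.
    """
    if record.get("path") != PASSWORD_RESET_PATH or record.get("method") != "POST":
        return None
    for param in record.get("params", []):
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            email = param["value"].get("email")
            if email is None:
                return []
            if isinstance(email, list):
                return [str(e) for e in email]
            return [str(email)]
    return []


def find_suspicious_resets(lines):
    """Scan JSON log lines and report reset requests carrying more than one
    distinct email address. Non-JSON lines are skipped rather than aborting
    the scan, since real log files often contain stray or truncated lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        emails = extract_reset_emails(record)
        if not emails:
            continue
        # Normalise so "Alice@Example.com" and "alice@example.com" count once.
        distinct = sorted({e.strip().lower() for e in emails})
        if len(distinct) > 1:
            findings.append({
                "line": lineno,
                "time": record.get("time"),
                "remote_ip": record.get("remote_ip"),
                "emails": distinct,
            })
    return findings


def count_reset_requests_by_ip(lines):
    """Per-source-IP count of reset requests, to surface unexpected volume."""
    counts = {}
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if extract_reset_emails(record) is None:
            continue
        ip = record.get("remote_ip", "unknown")
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in find_suspicious_resets(SAMPLE_LOG_LINES):
        print("multi-email reset request:", finding)
    print("reset requests per IP:", count_reset_requests_by_ip(SAMPLE_LOG_LINES))
```

Run it against your own log export by replacing `SAMPLE_LOG_LINES` with the file's lines; any finding is worth correlating with the account's subsequent sign-ins and with the email that actually received the reset link.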
Piercing Index Rating
-
Discovered by
asterion04, GitLab