PT-2024-1045 · Gitlab · Gitlab
Jakaba03 · Published 2024-01-11 · Updated 2026-05-24 · CVE-2023-7028
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.1 through 16.7.1

Description: The issue allows an attacker to specify a secondary email address during a password reset request, so the reset link is delivered to an address the attacker controls and the account can be taken over without any interaction from its owner. The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) and carries the maximum severity score. Over 5,300 internet-exposed GitLab instances are vulnerable to this flaw. Exploitation consists of triggering a password reset email to an unverified email address, after which the attacker can take over the account. Two-factor authentication prevents the resulting account takeover, but it does not prevent the password from being reset.

Recommendations: For GitLab versions 16.1 through 16.7.1, update to a patched version, such as 16.7.2, 16.6.4, or 16.5.6, to prevent account takeover via password reset. Enable two-factor authentication as an additional layer of protection; it blocks the account takeover even if the password is reset. As a temporary workaround until the patch is applied, consider restricting access to the password reset feature.


Weakness Enumeration
Improper Access Control

Related Identifiers

BDU:2024-00259
BIT-GITLAB-2023-7028
CVE-2023-7028

Affected Products

Gitlab