CVE-2023-7028 - GitLab Community and Enterprise Editions Improper Access Control Vulnerability
Project: GitLab
Product: GitLab CE/EE
Date added: 2024-05-01
Due date: 2024-05-22
Last updated: June 21, 2025
Vulnerability name
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
Description
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.
Known to be used in ransomware campaigns?
Unknown
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional notes
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
Related news articles
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution - September 12, 2024
GitLab: Critical bug lets attackers run pipelines as other users - July 10, 2024
High-severity GitLab flaw lets attackers take over accounts - May 23, 2024