CVE-2023-7028
Weak Password Recovery Mechanism for Forgotten Password in GitLab
Basic Information
- CVE State: PUBLISHED
- Reserved Date: December 20, 2023
- Published Date: January 12, 2024
- Last Updated: February 27, 2025
- Vendor: GitLab
- Product: GitLab
- Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
SSVC Information
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CISA | 2024-05-01 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-7028.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
sariamubeen/CVE-2023-7028
Type: github • Created: 2025-02-17 02:15:26 UTC • Stars: 2
soltanali0/CVE-2023-7028
Type: github • Created: 2024-07-25 11:39:01 UTC • Stars: 0
mochammadrafi/CVE-2023-7028
Type: github • Created: 2024-01-26 06:29:34 UTC • Stars: 0
thanhlam-attt/CVE-2023-7028
Type: github • Created: 2024-01-23 19:11:11 UTC • Stars: 2
Vozec/CVE-2023-7028
Type: github • Created: 2024-01-12 18:29:27 UTC • Stars: 240
duy-31/CVE-2023-7028
Type: github • Created: 2024-01-12 15:17:59 UTC • Stars: 3
RandomRobbieBF/CVE-2023-7028
Type: github • Created: 2024-01-12 10:53:50 UTC • Stars: 58