Lucene search

GoogleOSV:CVE-2023-7028

HistoryJan 12, 2024 - 2:15 p.m.

CVE-2023-7028

2024-01-1214:15:49

Google

osv.dev

gitlab ce/ee

security vulnerability

password reset

email delivery

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

7.3 High

AI Score

Confidence

High

0.96 High

EPSS

Percentile

99.5%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

CPENameOperatorVersion
gitlabeq16.1.2-ee
gitlabeq16.1.0-ee
gitlabeq16.1.5-ee
gitlabeq16.1.3-ee
gitlabeq16.1.4-ee
gitlabeq16.1.1-ee

Name	Operator	Version
gitlab	eq	16.1.2-ee
gitlab	eq	16.1.0-ee
gitlab	eq	16.1.5-ee
gitlab	eq	16.1.3-ee
gitlab	eq	16.1.4-ee
gitlab	eq	16.1.1-ee

References

about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

gitlab.com/gitlab-org/gitlab/-/issues/436084

hackerone.com/reports/2293343

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

7.3 High

AI Score

Confidence

High

0.96 High

EPSS

Percentile

99.5%

JSON

Related for OSV:CVE-2023-7028