An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
References
Link | Resource |
---|---|
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/436084 | Broken Link |
https://hackerone.com/reports/2293343 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
04 Mar 2024, 22:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:* |
18 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ - Vendor Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab/-/issues/436084 - Broken Link | |
References | () https://hackerone.com/reports/2293343 - Permissions Required | |
CWE | CWE-640 | |
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:16.7.1:*:*:*:community:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
17 Jan 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
12 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 14:15
Updated : 2024-03-04 22:54
NVD link : CVE-2023-7028
Mitre link : CVE-2023-7028
CVE.ORG link : CVE-2023-7028
JSON object : View
Products Affected
gitlab
- gitlab