Headline
GitLab CE/EE Password Reset
GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.
Change Mirror Download
# Exploit Title: GitLab CE/EE < 16.7.2 - Password Reset# Exploit Author: Sebastian Kriesten (0xB455)# Twitter: https://twitter.com/0xB455# Date: 2024-01-12# Vendor Homepage: gitlab.com# Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/# Version: <16.7.2, <16.6.4, <16.5.6# CVE: CVE-2023-7028Proof of Concept:user[email][][email protected]&user[email][][email protected]
Related news
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]
GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to
GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.
GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by sending password reset emails to an unverified email address. The