1. Summary
| Vulnerability Name | GitLab Account Takeover Vulnerability (CVE-2023-7028) |
|---|---|
| Release Date | January 12, 2024 |
| Component Name | GitLab |
| Affected Versions | 16.1 ≤ GitLab ≤ 16.1.5 (see section 3 for the full list of affected branches) |
| Vulnerability Type | CWE-284: Improper Access Control |
| Severity | CVSS v3 Base Score: 10.0 (Critical) |
| Exploitability | Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None |
| Impact | Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High |
2. About the Vulnerability CVE-2023-7028
2.1 Introduction
GitLab is an open-source repository management project. It uses Git for code management and provides Git-based web services.
2.2 Summary
On January 12, 2024, Sangfor FarSight Labs received notification of an account takeover vulnerability in GitLab, identified as CVE-2023-7028 and assigned a maximum severity rating (CVSS Score 10.0) by GitLab.
The vulnerability stems from insufficient validation of the parameters accepted by the password reset flow, specifically in how password reset emails are handled. The reset form accepts two email addresses in a single request, so an attacker can submit the victim's address together with one they control and receive the reset code in their own mailbox.
As a result, an attacker can reset the password of any GitLab user without proper authorization, potentially leading to a full account takeover.
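A defender-side check for the behaviour described above, added here as an example and not part of the original advisory: GitLab's JSON request log records each request's parameters as a list of key/value objects, so a reset request that supplied more than one address appears as a POST to /users/password whose email value is an array. The log lines below are constructed samples, and the exact field layout is an assumption about that log format.

```python
import json

# Constructed sample lines in the shape of gitlab-rails/production_json.log
# (one JSON object per request). The field layout is an assumption about that
# log format; addresses, IPs and timestamps are made up for this example.
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":"alice@example.com"}}],"remote_ip":"203.0.113.5","time":"2024-01-12T10:00:00Z"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["alice@example.com","mailbox@example.net"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T10:01:30Z"}
{"method":"GET","path":"/users/sign_in","params":[],"remote_ip":"203.0.113.5","time":"2024-01-12T10:02:00Z"}
not a json line
"""


def _email_values(params):
    """Collect every address supplied for the email field of a reset request.

    Rails logs params as a list of {"key", "value"} objects; the address normally
    sits under the "user" key, but a top-level "email" key is handled as well.
    """
    found = []
    for param in params:
        key, value = param.get("key"), param.get("value")
        if key == "user" and isinstance(value, dict):
            value = value.get("email")
        elif key != "email":
            continue
        if isinstance(value, list):
            found.extend(str(v) for v in value)
        elif value is not None:
            found.append(str(value))
    return found


def find_multi_email_resets(log_text):
    """Return POST /users/password requests that carried more than one address."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line: skip it rather than abort the scan
        if not isinstance(entry, dict):
            continue
        if entry.get("method") != "POST" or entry.get("path") != "/users/password":
            continue
        emails = _email_values(entry.get("params") or [])
        if len(emails) > 1:  # one request, several recipients: the CVE-2023-7028 pattern
            hits.append({"line": lineno, "time": entry.get("time"),
                         "remote_ip": entry.get("remote_ip"), "emails": emails})
    return hits
```

Run it over the request logs covering the window before the upgrade; each hit is a reset request worth correlating with the source IP and any sign-ins that followed it.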
3. Affected Versions
16.1 ≤ GitLab ≤ 16.1.5
16.2 ≤ GitLab ≤ 16.2.8
16.3 ≤ GitLab ≤ 16.3.6
16.4 ≤ GitLab ≤ 16.4.4
16.5 ≤ GitLab ≤ 16.5.5
16.6 ≤ GitLab ≤ 16.6.3
16.7 ≤ GitLab ≤ 16.7.1
4. Solutions
4.1 Remediation Solutions
4.1.1 Official Solution
GitLab has released updated versions that fix this issue. Users running an affected version are strongly advised to upgrade to the latest release. For additional information, please visit: https://about.gitlab.com/
4.1.2 Sangfor Solutions
4.1.2.1 Security Monitoring
The following Sangfor products and services perform real-time monitoring of assets affected by the GitLab account takeover vulnerability (CVE-2023-7028):
- Sangfor Cyber Command (Network Detection and Response)
- Sangfor Cyber Guardian (Managed Detection and Response)
4.1.2.2 Security Protection
The following Sangfor products and services provide protection against the GitLab account takeover vulnerability (CVE-2023-7028):
- Sangfor Network Secure (Next-Generation Firewall)
- Sangfor Cyber Guardian (Managed Detection and Response)
5. Timeline
On January 12, 2024, Sangfor FarSight Labs received notification of the GitLab account takeover vulnerability (CVE-2023-7028).
On January 12, 2024, Sangfor FarSight Labs released a vulnerability alert.
On January 16, 2024, Sangfor FarSight Labs released remediation solutions.
6. References
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
https://github.com/Vozec/CVE-2023-7028
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
7. About Sangfor FarSight Labs
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.