COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-7028

CVE-2023-7028

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-05-01
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
⌖ exploited in the wild shame 50/100 exploited-in-wild

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Players implicated

GitLab · vendorGitLab CE/EE · product

Description

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.