Home > Vulnerability Database > CVE-2023-7028

Mend.io Vulnerability Database

CVE-2023-7028

Good to know:

Date: January 12, 2024

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Language: Ruby

Severity Score

7.5

Related Resources (5)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/436084

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-7028

Url: https://hackerone.com/reports/2293343

Url: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

Url: https://www.mend.io/vulnerability-database/CVE-2023-7028

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Weak Password Recovery Mechanism for Forgotten Password

CWE-640

Top Fix

Upgrade Version

Upgrade to version v16.1.6,v16.2.9,v16.3.7,v16.4.5,v16.5.6,v16.6.4,v16.7.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-7028

Good to know:

Date: January 12, 2024

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?