Shockwave Attack Surface Management - CVE-2023-7028 0-Click Account Takeover affecting GitLab.

CVE-2023-7028 - GitLab Account Takeover via Password Reset without User Interaction

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. This is a Critical severity issue (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, 10.0). It is now mitigated in the latest release and is assigned CVE-2023-7028.

The Proof of Concept (as posted on Twitter)

user[email][]=valid@email.com&user[email][]=attacker@email.com

Submitting this payload on the password-reset page of an affected instance causes the reset token email to be delivered to the attacker's own address rather than to the legitimate user. The root cause is that the email field is accepted as an array of addresses instead of a single verified address.
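The following is an added example and is not code from the original post or from GitLab. It re-implements, in plain Python, the Rack-style nested-parameter parsing that turns user[email][] into an array, shows a hardened server-side check that accepts only a single string address, and a detection rule that flags reset requests whose email field carries more than one value. The sample request bodies are constructed, and the reset endpoint path in RESET_PATH is an assumption (the Devise default) that you should adjust to your own instance.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample bodies (not from the original post). ATTACK_BODY has the
# same shape as the public proof-of-concept payload quoted above.
LEGIT_BODY = "user[email]=valid@email.com"
ATTACK_BODY = "user[email][]=valid@email.com&user[email][]=attacker@email.com"

# Assumption: Devise-style reset endpoint path; adjust to your instance.
RESET_PATH = "/users/password"

_KEY_RE = re.compile(r"^([^\[]+)((?:\[[^\]]*\])*)$")
_EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")


def parse_nested(body: str) -> dict:
    """Mimic Rack/Rails nested-parameter parsing (a re-implementation, not
    Rails' own code): key[a]=v -> {"key": {"a": v}},
    key[a][]=v&key[a][]=w -> {"key": {"a": [v, w]}}."""
    result: dict = {}
    for raw_key, value in parse_qsl(body, keep_blank_values=True):
        m = _KEY_RE.match(raw_key)
        keys = ([m.group(1)] + re.findall(r"\[([^\]]*)\]", m.group(2))) if m else [raw_key]
        node = result
        for i, k in enumerate(keys):
            last = i == len(keys) - 1
            if k == "":  # empty bracket: push the value onto an array
                if not isinstance(node, list):
                    raise ValueError(f"{raw_key}: array push into non-array")
                node.append(value)
                break
            if not isinstance(node, dict):
                raise ValueError(f"{raw_key}: scalar/array reused as hash")
            if last:
                node[k] = value
            else:
                node.setdefault(k, [] if keys[i + 1] == "" else {})
                node = node[k]
    return result


def validated_reset_email(params: dict) -> str:
    """Hardened server-side check: the reset form must carry exactly one
    string address. An array or hash in that position is rejected outright."""
    user = params.get("user")
    email = user.get("email") if isinstance(user, dict) else None
    if not isinstance(email, str):
        raise ValueError(f"email must be a single string, got {type(email).__name__}")
    if not _EMAIL_RE.match(email):
        raise ValueError("email is not a single well-formed address")
    return email


def accepts_reset_email(body: str) -> bool:
    """True only if the hardened check would let this request body through."""
    try:
        validated_reset_email(parse_nested(body))
        return True
    except ValueError:
        return False


def count_reset_emails(body: str) -> int:
    """Number of address values in a reset request (1 is the normal case;
    -1 marks malformed nesting, which is treated as suspicious as well)."""
    try:
        params = parse_nested(body)
    except ValueError:
        return -1
    user = params.get("user")
    email = user.get("email") if isinstance(user, dict) else None
    if isinstance(email, list):
        return len(email)
    return 1 if isinstance(email, str) else 0


def is_suspicious_reset(path: str, body: str) -> bool:
    """Detection rule for WAF or access logs that record POST bodies: flag a
    request to the reset endpoint whose email field is an array."""
    n = count_reset_emails(body)
    return path == RESET_PATH and (n > 1 or n < 0)


if __name__ == "__main__":
    # Constructed log records of (path, body) pairs.
    records = [(RESET_PATH, LEGIT_BODY), (RESET_PATH, ATTACK_BODY), ("/users/sign_in", ATTACK_BODY)]
    for path, body in records:
        print(path, "SUSPICIOUS" if is_suspicious_reset(path, body) else "ok", parse_nested(body))
```

The detection side only works where the logging layer captures request bodies (a WAF, reverse proxy with body logging, or the application's own request log); plain access logs that record only the URL will not see the array-valued field.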

Remediation includes updating the instance to a patched release, implementing SSO, and ensuring 2FA is enabled for all accounts.

Closing Words

As always, our scanning engines had been evaluating the issue for our customers within minutes of the announcement, and the relevant notifications were sent automatically.

As proof of our speed and rapid response, we were the first to report the issue to a leading bank through HackerOne's platform.
