CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 22, 2024
Description
GitLab Community Edition (CE) and Enterprise Edition (EE) contain an improper access control vulnerability (CVE-2023-7028) in the password reset flow. An unauthenticated attacker can cause the password reset email for an existing account to be delivered to an email address the attacker controls and that was never verified for that account, then use the reset link to set a new password and take over the account. The vendor rates the issue critical (CVSS 10.0) and fixed it in GitLab 16.7.2 together with the backported releases listed in the linked advisory. Per that advisory, accounts with two-factor authentication enabled are still exposed to the unwanted password reset but not to takeover, because the second factor is still required at login.
EPSS — Exploit Probability
93.5%
EPSS estimates the probability that a CVE is exploited in the wild within the next 30 days; a score of 93.5% is higher than 99.8% of all scored CVEs.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. In practice: upgrade to GitLab 16.7.2 or one of the backported fixed releases listed in the vendor advisory, and follow the advisory's guidance on reviewing logs for attempted exploitation.
References: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-7028
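Detection logic a practitioner would want next to this entry, as an added example that is not part of this page and is not GitLab's own tooling. GitLab's linked advisory says to look in gitlab-rails/production_json.log for POST requests to /users/password whose params.value.email is a JSON array holding more than one email address, and in gitlab-rails/audit_json.log for entries whose meta.caller_id is PasswordsController#create and whose target_details is such an array. The exact field names below (params as a list of key/value objects, remote_ip, ip_address, time) are an assumption modelled on that guidance, and every log line is constructed for the example, not captured from a real instance.

```python
"""Hunt for CVE-2023-7028 exploitation attempts in GitLab JSON logs.

Assumption (not verified against a live instance): the field layout below
follows the detection guidance in GitLab's 16.7.2 security release notes.
"""
import json
from typing import Iterable

PASSWORD_RESET_PATH = "/users/password"               # POST target of the reset form
PASSWORD_RESET_CALLER = "PasswordsController#create"  # meta.caller_id in audit_json.log

# Constructed sample lines, not real GitLab output. Only the second line
# carries two distinct addresses in user[email] and should be flagged; the
# fourth is a one-address array written twice with different case/whitespace.
SAMPLE_PRODUCTION_LOG = """\
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":"alice@example.com"}}],"remote_ip":"203.0.113.5","time":"2024-01-12T10:00:00.000Z","status":302}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["alice@example.com","attacker@evil.example"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T10:01:00.000Z","status":302}
{"method":"GET","path":"/users/sign_in","params":[],"remote_ip":"203.0.113.5","time":"2024-01-12T10:02:00.000Z","status":200}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["bob@example.com","Bob@example.com "]}}],"remote_ip":"203.0.113.9","time":"2024-01-12T10:03:00.000Z","status":302}
this line is not JSON and must not abort the scan
"""

# Constructed audit log sample: only the first entry is a multi-address reset.
SAMPLE_AUDIT_LOG = """\
{"time":"2024-01-12T10:01:00.100Z","meta.caller_id":"PasswordsController#create","target_details":["alice@example.com","attacker@evil.example"],"ip_address":"198.51.100.7"}
{"time":"2024-01-12T10:00:00.100Z","meta.caller_id":"PasswordsController#create","target_details":"alice@example.com","ip_address":"203.0.113.5"}
{"time":"2024-01-12T10:05:00.000Z","meta.caller_id":"SessionsController#create","target_details":["x@example.com","y@example.com"],"ip_address":"203.0.113.5"}
"""


def _parse_json_lines(lines: Iterable[str]):
    """Yield parsed dict entries, silently skipping blank or malformed lines."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry


def _distinct_addresses(value):
    """Normalise a string or list of strings into a sorted list of distinct,
    lower-cased, whitespace-trimmed addresses. A plain string yields one."""
    if isinstance(value, list):
        items = value
    elif value is None:
        items = []
    else:
        items = [value]
    return sorted({str(v).strip().lower() for v in items if str(v).strip()})


def _reset_form_emails(params):
    """Collect every user[email] value from a production_json.log params list,
    which GitLab records as a list of {"key": ..., "value": ...} objects."""
    collected = []
    for item in params or []:
        if isinstance(item, dict) and item.get("key") == "user":
            value = item.get("value")
            if isinstance(value, dict) and "email" in value:
                email = value["email"]
                collected.extend(email if isinstance(email, list) else [email])
    return collected


def scan_production_log(lines):
    """One finding per POST /users/password whose email param carried more
    than one distinct address (the exploitation indicator)."""
    findings = []
    for entry in _parse_json_lines(lines):
        if entry.get("method") != "POST" or entry.get("path") != PASSWORD_RESET_PATH:
            continue
        addresses = _distinct_addresses(_reset_form_emails(entry.get("params")))
        if len(addresses) > 1:
            findings.append({"source": "production_json.log", "time": entry.get("time"),
                             "ip": entry.get("remote_ip"), "emails": addresses})
    return findings


def scan_audit_log(lines):
    """Same indicator seen from audit_json.log: a password-reset audit event
    whose target_details lists more than one distinct address."""
    findings = []
    for entry in _parse_json_lines(lines):
        if entry.get("meta.caller_id") != PASSWORD_RESET_CALLER:
            continue
        addresses = _distinct_addresses(entry.get("target_details"))
        if len(addresses) > 1:
            findings.append({"source": "audit_json.log", "time": entry.get("time"),
                             "ip": entry.get("ip_address"), "emails": addresses})
    return findings


if __name__ == "__main__":
    hits = scan_production_log(SAMPLE_PRODUCTION_LOG.splitlines())
    hits += scan_audit_log(SAMPLE_AUDIT_LOG.splitlines())
    for f in hits:
        print(f"{f['time']} {f['ip']} {f['source']}: reset requested for {', '.join(f['emails'])}")
```

Run the two scanners over the real files (open the log and pass the file object as the iterable). A hit is an indicator to pivot on, not proof of takeover: the foreign address, source IP and timestamp tell you which account to check for a subsequent password change and new sessions, and GitLab's advisory treats any such request as a reason to rotate the account's credentials and review its activity.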
Risk Assessment
High
- In CISA KEV
- High EPSS
Details
- Severity: High
- EPSS: 93.5%
- CISA KEV: Yes
- Ransomware: Unknown
- Articles: 0
Timeline
- Published: May 1, 2024
- Added to KEV: May 1, 2024
- Remediation Due: May 22, 2024