CVE-2023-7028 · CISA KEV: Actively Exploited

GitLab Community and Enterprise Editions Improper Access Control Vulnerability

Published May 1, 2024·Updated May 1, 2024

Description

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Public Exploits & PoCs · 15 found

PoC: CVE-2023-7028

This repository presents a proof-of-concept of CVE-2023-7028

PoC: CVE-2023-7028

CVE-2023-7028 poc

PoC: Exploiting-GitLab-CVE-2023-7028

Penetration test targeting CVE-2023-7028

PoC: CVE-2023-7028

This FORK of the repository presents a proof-of-concept of CVE-2023-7028. I am only improving exploit usage.

PoC: CVE-2023-7028

CVE-2023-7028 POC && Exploit

PoC: CVE-2023-7028

Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO-TO CVE weekly articles of the 11th week.

PoC: gitlab-exploit

GitLab CVE-2023-7028

PoC: CVE-2023-7028

Python Code for Exploit Automation CVE-2023-7028

PoC: CVE-2023-7028-Docker

Repository to install CVE-2023-7028 vulnerable Gitlab instance

PoC: CVE-2023-7028

Exploit of account take-over in Gitlab

PoC: gitlab_honeypot

CVE-2023-7028 killer

PoC: CVE-2023-7028

Exploit for CVE-2023-7028

PoC: CVE-2023-7028

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

PoC: CVE-2023-7028

CVE-2023-7028 poc

PoC: CVE-2023-7028

CVE-2023-7028
