CVE-2023-7028

🗓️ 12 Jan 2024 13:56:41Reported by GitLabType

cve🔗 web.nvd.nist.gov📰️ 14 Media mentions👁 304 Views

CVE-2023-7028: GitLab CE/EE user account password reset emails issu

Reporter	Title	Published	Views	Family All 48
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	21 Jul 202512:34	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	21 Aug 202404:14	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	12 Jan 202410:53	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	12 Jan 202415:17	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	17 Feb 202502:15	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	23 Jan 202410:37	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	18 Jan 202405:17	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	12 Jan 202418:29	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	23 Jan 202419:11	–	githubexploit
0day.today	GitLab CE/EE < 16.7.2 - Password Reset Vulnerability	14 Mar 202400:00	–	zdt

NVD

Vulners

Node

gitlab gitlabRange16.1.0–16.1.6community

gitlab gitlabRange16.1.0–16.1.6enterprise

gitlab gitlabRange16.2.0–16.2.9community

gitlab gitlabRange16.2.0–16.2.9enterprise

gitlab gitlabRange16.3.0–16.3.7community

gitlab gitlabRange16.3.0–16.3.7enterprise

gitlab gitlabRange16.4.0–16.4.5community

gitlab gitlabRange16.4.0–16.4.5enterprise

gitlab gitlabRange16.5.0–16.5.6community

gitlab gitlabRange16.5.0–16.5.6enterprise

gitlab gitlabRange16.6.0–16.6.4community

gitlab gitlabRange16.6.0–16.6.4enterprise

gitlab gitlabRange16.7.0–16.7.2community

gitlab gitlabRange16.7.0–16.7.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "16.1",
        "status": "affected",
        "lessThan": "16.1.6",
        "versionType": "semver"
      },
      {
        "version": "16.2",
        "status": "affected",
        "lessThan": "16.2.9",
        "versionType": "semver"
      },
      {
        "version": "16.3",
        "status": "affected",
        "lessThan": "16.3.7",
        "versionType": "semver"
      },
      {
        "version": "16.4",
        "status": "affected",
        "lessThan": "16.4.5",
        "versionType": "semver"
      },
      {
        "version": "16.5",
        "status": "affected",
        "lessThan": "16.5.6",
        "versionType": "semver"
      },
      {
        "version": "16.6",
        "status": "affected",
        "lessThan": "16.6.4",
        "versionType": "semver"
      },
      {
        "version": "16.7",
        "status": "affected",
        "lessThan": "16.7.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2293343
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/436084
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog
vicarius	www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028

26 May 2026 04:05Current

7.5High risk

Vulners AI Score7.5

CVSS 3.19.8 - 10

EPSS0.93539

SSVC