Linux Distros Unpatched Vulnerability : CVE-2023-7028

🗓️ 27 Aug 2025 00:00:00Reported by TenableType

CVE-2023-7028 affects GitLab CE/EE; no vendor patch; password reset emails can reach unverified addresses.

Reporter	Title	Published	Views	Family All 48
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	21 Jul 202512:34	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	21 Aug 202404:14	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	12 Jan 202410:53	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	12 Jan 202415:17	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	17 Feb 202502:15	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	23 Jan 202410:37	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	18 Jan 202405:17	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	12 Jan 202418:29	–	githubexploit
GithubExploit	Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab	23 Jan 202419:11	–	githubexploit
0day.today	GitLab CE/EE < 16.7.2 - Password Reset Vulnerability	14 Mar 202400:00	–	zdt

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2023-7028
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(257473);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/27");

  script_cve_id("CVE-2023-7028");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/05/22");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-7028");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior
    to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and
    16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email
    address. (CVE-2023-7028)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2023-7028");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-7028");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gitlab");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "gitlab"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

27 Aug 2025 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 3.19.8 - 10

EPSS0.93539

SSVC