CVE-2023-7028
📋 TL;DR
This critical vulnerability in GitLab allows attackers to hijack user accounts by intercepting password reset emails sent to unverified email addresses. Attackers can take over any user account, including administrators, by exploiting the password reset mechanism. All GitLab CE/EE instances running affected versions are vulnerable.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
Learn more about Gitlab →
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of GitLab instance with administrative access, leading to source code theft, data exfiltration, supply chain attacks, and lateral movement to connected systems.
Likely Case
Account takeover of regular users leading to unauthorized access to repositories, sensitive data exposure, and potential privilege escalation.
If Mitigated
Limited impact with proper email verification controls and monitoring, but still requires immediate patching due to critical nature.
🎯 Exploit Status
Exploitation requires no authentication and has been publicly demonstrated; an attacker only needs to trigger a password reset for the target account.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4, 16.7.2 or later
Vendor Advisory: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
Restart Required: Yes
Instructions:
1. Back up the GitLab instance.
2. Update to a patched version using the package manager (apt/yum) or the Omnibus installer.
3. Restart GitLab services.
4. Verify that the update completed successfully.
🔧 Temporary Workarounds
Disable password resets
Temporarily disable password authentication for the web UI, which also disables the password reset flow, until the instance is patched. This is a stop-gap only: it blocks all password-based web sign-ins, not just resets. In the GitLab Rails console, the relevant application setting is password_authentication_enabled_for_web:
sudo gitlab-rails console
# Disables password sign-in (and therefore password reset) for the web UI until re-enabled.
ApplicationSetting.current.update!(password_authentication_enabled_for_web: false)
🧯 If You Can't Patch
- Implement network segmentation to restrict access to GitLab instance
- Enable multi-factor authentication for all users and monitor for suspicious password reset attempts
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin interface or run: sudo gitlab-rake gitlab:env:info | grep Version, and compare it against the patched versions listed above.
Check Version:
sudo gitlab-rake gitlab:env:info | grep Version
Verify Fix Applied:
Confirm the version is patched: run sudo gitlab-rake gitlab:env:info | grep Version and ensure the reported version is one of the patched versions listed above, or later.
📡 Detection & Monitoring
Log Indicators:
- Unusual volume of password reset requests
- Password reset emails sent to unfamiliar email addresses
- Multiple failed login attempts followed by a password reset
Network Indicators:
- Unusual patterns in password reset API calls
- Requests to /users/password endpoint from suspicious IPs
SIEM Query:
source="gitlab" AND (event="password_reset" OR event="user_password_reset") | stats count by src_ip, user
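The following is an added example, not code from this page or from GitLab, that turns the log indicators above into a check over gitlab-rails/production_json.log: it extracts POST /users/password requests, flags any whose user[email] parameter names more than one address (the indicator the vendor advisory linked above points to, since a legitimate reset form submits exactly one), and counts resets per source IP for the volume indicator. The line shape follows GitLab's JSON request log; the sample lines, IPs and addresses are constructed.

```python
import json
from collections import Counter

# Constructed sample lines in the shape of GitLab's gitlab-rails/production_json.log
# (one JSON object per request). Field names follow GitLab's log format; all values are made up.
SAMPLE_LOG = r'''
{"method":"POST","path":"/users/password","controller":"PasswordsController","action":"create","status":302,"time":"2024-01-12T09:00:01.000Z","remote_ip":"198.51.100.7","params":[{"key":"user","value":{"email":"alice@example.com"}}]}
{"method":"POST","path":"/users/password","controller":"PasswordsController","action":"create","status":302,"time":"2024-01-12T09:00:05.000Z","remote_ip":"203.0.113.9","params":[{"key":"user","value":{"email":["admin@example.com","unknown@example.net"]}}]}
{"method":"GET","path":"/users/sign_in","controller":"SessionsController","action":"new","status":200,"time":"2024-01-12T09:00:06.000Z","remote_ip":"203.0.113.9","params":[]}
{"method":"POST","path":"/users/password","controller":"PasswordsController","action":"create","status":302,"time":"2024-01-12T09:00:07.000Z","remote_ip":"203.0.113.9","params":[{"key":"user","value":{"email":"bob@example.com"}}]}
'''

def reset_requests(lines):
    """Yield parsed password-reset requests (POST /users/password); other requests are skipped."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        entry = json.loads(line)
        if entry.get("method") == "POST" and entry.get("path") == "/users/password":
            yield entry

def reset_emails(entry):
    """Return every address named in the user[email] parameter (normally exactly one)."""
    for param in entry.get("params", []):
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            email = param["value"].get("email")
            if isinstance(email, list):
                return [str(e) for e in email]
            if email is not None:
                return [str(email)]
    return []

def find_suspicious(lines, volume_threshold=3):
    """Return (multi_address_resets, noisy_ips) for a batch of log lines."""
    # multi: (time, remote_ip, emails) for resets naming more than one address.
    # noisy: {ip: count} for sources with at least volume_threshold reset requests.
    multi, per_ip = [], Counter()
    for entry in reset_requests(lines):
        per_ip[entry.get("remote_ip", "?")] += 1
        emails = reset_emails(entry)
        if len(emails) > 1:
            multi.append((entry.get("time"), entry.get("remote_ip"), emails))
    noisy = {ip: n for ip, n in per_ip.items() if n >= volume_threshold}
    return multi, noisy

if __name__ == "__main__":
    hits, noisy = find_suspicious(SAMPLE_LOG.splitlines())
    print("multi-address resets:", hits, "\nhigh-volume sources:", noisy or "none")
```

Run it against a real production_json.log by replacing SAMPLE_LOG.splitlines() with the file's lines; tune volume_threshold to the instance's normal reset rate.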
🔗 References
- https://gitlab.com/gitlab-org/gitlab/-/issues/436084
- https://hackerone.com/reports/2293343
- https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028