Actively exploited vulnerability

CVE-2023-7028: GitLab Community and Enterprise Editions Improper Access Control Vulnerability

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

CISA KEV source 1 May 2024 added 22 May 2024 remediation due

Affected product

GitLab ยท GitLab CE/EE

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2023-7028.