CVE-2023-7028

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

NVD
Severity: HIGH
CVE ID: CVE-2023-7028
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

GitLab Inc.
Severity: CRITICAL
CVE ID: CVE-2023-7028
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-7028

V1lu0

CVE-2023-7028 poc

Reference: GitHub

RandomRobbieBF

CVE-2023-7028

Reference: GitHub

duy-31

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Reference: GitHub

Vozec

This repository presents a proof-of-concept of CVE-2023-7028

Reference: GitHub

yoryio

Exploit for CVE-2023-7028 - GitLab CE/EE

Reference: GitHub

Esonhugh

CVE-2023-7028 killer

Reference: GitHub

Shimon03

Reference: GitHub

thanhlam-attt

Reference: GitHub

Trackflaw

Repository to install CVE-2023-7028 vulnerable GitLab instance

Reference: GitHub

mochammadrafi

Python Code for Exploit Automation CVE-2023-7028

Reference: GitHub

hackeremmen

GitLab CVE-2023-7028

Reference: GitHub