Hello.
I would like to start implementing a plugin to detect CVE-2023-7028. This vulnerability should be relatively new and has been patched.
The vulnerability has been assigned a CVE ID CVE-2023-7028 (CVSS score >= 7.0) and the severity level of the vulnerability is HIGH or CRITICAL: CVSS score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
This attack, when successfully performed, would allow the attacker to gain complete access over the victim’s GitLab account.
This could allow the attacker to steal sensitive information related to the victim, such as stored credentials to other services, source code and much more.
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
The vulnerability can be exploited remotely without authentication and user interaction.
Please let me know if this is in scope to start with its development.
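
For triage, the affected ranges quoted in the post above can be turned into a version check over an instance inventory. This is an added example, not part of the original post or of any project's plugin code; the hostnames and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Patch level that fixes each minor series, taken from the ranges quoted in the post
# ("16.1 prior to 16.1.6" ... "16.7 prior to 16.7.2").
FIXED_PATCH = {(16, 1): 6, (16, 2): 9, (16, 3): 7, (16, 4): 5,
               (16, 5): 6, (16, 6): 4, (16, 7): 2}

# Accepts "16.5.3", "v16.5.3", "16.5.3-ee", "16.6.4-ce.0" and a bare "16.5".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+~][0-9A-Za-z.+~-]*)?$")


def parse_version(raw):
    """Return (major, minor, patch) with patch=None if absent, or None if unparseable."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch is not None else None)


def classify(raw):
    """Classify a GitLab version string against the ranges quoted in the post."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"          # not a recognisable version string
    major, minor, patch = parsed
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "not_listed"       # series is outside the ranges quoted in the post
    if patch is None:
        return "unknown"          # listed series, but patch level is missing
    return "affected" if patch < fixed else "fixed"


def hosts_needing_attention(inventory):
    """Return {host: status} for hosts that are affected or cannot be decided."""
    result = {}
    for host, version in inventory.items():
        status = classify(version)
        if status in ("affected", "unknown"):
            result[host] = status
    return result


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "16.5.3-ee",
    "gitlab-b.example.internal": "16.7.2",
    "gitlab-c.example.internal": "16.2",
    "gitlab-d.example.internal": "16.8.0",
}

if __name__ == "__main__":
    for host, status in hosts_needing_attention(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A status of `unknown` means the patch level could not be read, so the host should be checked by hand rather than assumed safe.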