google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
872 stars 176 forks

PRP: Request CVE-2023-7028 Account-Take-Over Vulnerability In Gitlab #381

Closed hh-hunter closed 8 months ago

hh-hunter commented 8 months ago

Hello.

I would like to start implementing a plugin to detect CVE-2023-7028. This vulnerability should be relatively new and has been patched.

The vulnerability has been assigned a CVE ID CVE-2023-7028 (CVSS score >= 7.0) and the severity level of the vulnerability is HIGH or CRITICAL: CVSS score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

This attack, when successfully performed, would allow the attacker to gain complete access over the victim’s GitLab account.

This could allow the attacker to steal sensitive information related to the victim such as stored credentials to other services, source code and much more.

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

The vulnerability can be exploited remotely without authentication and user interaction.

Please let me know if this is in scope to start with its development.
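The affected ranges quoted in the comment above can be turned into a version triage for an inventory of GitLab instances. This is an added example, not part of the original thread and not Tsunami plugin code; the function names, status labels and sample hostnames are assumptions made for illustration.

```python
import re

# First patched patch-level per minor series, as listed in the issue text.
FIXED = {(16, 1): 6, (16, 2): 9, (16, 3): 7, (16, 4): 5,
         (16, 5): 6, (16, 6): 4, (16, 7): 2}

# Accepts "16.5.3", "v16.5.3" and suffixed forms such as "16.5.3-ee".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+.].*)?$")


def parse_gitlab_version(raw):
    """Return (major, minor, patch), or None if raw is not a full version."""
    m = _VERSION_RE.match(raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def assess(raw):
    """Classify a reported version against the ranges quoted in the issue.

    Returns (status, first_fixed). status is one of:
      'affected'   - inside a listed range, below the fixed release
      'patched'    - in a listed minor series, at or above the fixed release
      'not_listed' - minor series not mentioned in the issue text
      'unknown'    - version string could not be parsed
    """
    parsed = parse_gitlab_version(raw)
    if parsed is None:
        return ("unknown", None)
    major, minor, patch = parsed
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return ("not_listed", None)
    fixed = f"{major}.{minor}.{fixed_patch}"
    return ("affected" if patch < fixed_patch else "patched", fixed)


def affected_hosts(inventory):
    """Return sorted (host, version, first_fixed) for affected instances."""
    rows = []
    for host, version in inventory.items():
        status, fixed = assess(version)
        if status == "affected":
            rows.append((host, version, fixed))
    return sorted(rows)


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "16.5.3-ee",
    "gitlab-b.example.internal": "16.7.2",
    "gitlab-c.example.internal": "v16.1.5",
    "gitlab-d.example.internal": "unreported",
}
```

Instances classified as `unknown` or `not_listed` still need manual review, since this check only covers the ranges named in the issue text.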

hh-hunter commented 8 months ago

I have found a solution to receive emails.

tooryx commented 8 months ago

Please use the original issue #367 and add details on the methodology you would use to receive the email.