GitLab Password Reset Vulnerability (CVE-2023-7028)
Description
What is the vulnerability? | A critical vulnerability has been discovered in GitLab, a DevOps platform for managing the software development lifecycle. Successful exploitation may allow an attacker to take control of a GitLab administrator account without any user interaction. CVE-2023-7028 has been given the maximum CVSS score of 10. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on May 1st. |
What is the recommended Mitigation? | GitLab users are advised to update their instances to a patched version and to enable two-factor authentication (2FA), which denies malicious actors access to compromised accounts. |
What FortiGuard Coverage is available? | FortiGuard Labs has an existing Web Application Security signature "GitLab.Password.Reset.Account.Takeover", released on Jan 16, that detects and blocks attack attempts targeting the Authentication Bypass Vulnerability in GitLab (CVE-2023-7028), and an Endpoint Vulnerability signature (ID "5551") that detects vulnerable versions of installed GitLab software. |
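A quick way to verify the mitigation above is to compare the installed GitLab version against the patched releases named in this alert. The script below is an added example, not FortiGuard or GitLab code; its branch table is taken from the release title cited in the Appendix (16.7.2, 16.6.4, 16.5.6), and any minor branch not in that table is reported as "unknown" rather than assumed safe.

```python
"""Check an installed GitLab version against the patched releases named in
this alert. Added example, not FortiGuard or GitLab code."""
import re
from typing import Tuple

# Minimum patched release per minor branch, taken from the release title
# "GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6" (assumption:
# only these branches are covered; others are reported as "unknown").
PATCHED = {
    (16, 7): (16, 7, 2),
    (16, 6): (16, 6, 4),
    (16, 5): (16, 5, 6),
}

# GitLab reports versions such as "16.7.1-ee"; the edition suffix is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(?:ee|ce))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '16.7.1' or '16.6.4-ee' into a numeric (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess(text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for an installed version.

    'unknown' means the minor branch is not named in this alert, so the
    instance must be checked against GitLab's full affected-version list."""
    version = parse_version(text)
    fixed = PATCHED.get(version[:2])
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample versions, not output from a real instance.
    for v in ["16.7.1-ee", "16.7.2-ee", "16.6.3", "16.5.6-ce", "16.4.0"]:
        print(f"{v:12} -> {assess(v)}")
```

On an Omnibus install the running version is in `/opt/gitlab/version-manifest.txt` or from `gitlab-rake gitlab:env:info`; feed that string to `assess()`.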
Appendix
FortiClient Vulnerability | FortiGuard Labs
Web Application Security | FortiGuard Labs
GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 | GitLab
Account Takeover via Password Reset without user interactions (#436084) · Issues · GitLab.org / GitLab · GitLab