GitLab Password Reset Vulnerability (CVE-2023-7028)

Description

What is the vulnerability?

A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on May 1st to its Known Exploited Vulnerabilities (KEV) Catalog.

What is the recommended Mitigation?

GitLab users are advised to update their instances to a patched version and enable two factor authentication (2FA) which will deny malicious actors access to compromised accounts.

What FortiGuard Coverage is available?

FortiGuard Labs has an existing Web Application Security signature "GitLab.Password.Reset.Account.Takeover" released on Jan 16 to detect and block any attack attempts targeting the Authentication Bypass Vulnerability in GitLab (CVE-2023-7028) and has Endpoint Vulnerability signature ID "5551" to detect vulnerable versions of installed GitLab software.