{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-7028","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2023-12-20T20:30:37.127Z","datePublished":"2024-01-12T13:56:41.726Z","dateUpdated":"2025-10-21T23:05:28.992Z"},"containers":{"cna":{"title":"Weak Password Recovery Mechanism for Forgotten Password in GitLab","descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"16.1","status":"affected","lessThan":"16.1.6","versionType":"semver"},{"version":"16.2","status":"affected","lessThan":"16.2.9","versionType":"semver"},{"version":"16.3","status":"affected","lessThan":"16.3.7","versionType":"semver"},{"version":"16.4","status":"affected","lessThan":"16.4.5","versionType":"semver"},{"version":"16.5","status":"affected","lessThan":"16.5.6","versionType":"semver"},{"version":"16.6","status":"affected","lessThan":"16.6.4","versionType":"semver"},{"version":"16.7","status":"affected","lessThan":"16.7.2","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-640: Weak Password Recovery Mechanism for Forgotten Password","cweId":"CWE-640","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/436084","name":"GitLab Issue #436084","tags":["issue-tracking"]},{"url":"https://hackerone.com/reports/2293343","name":"HackerOne Bug Bounty Report #2293343","tags":["technical-description","exploit"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":10,"baseSeverity":"CRITICAL"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 16.7.2, 16.6.4, 16.5.6, 16.4.5, 16.3.7, 16.2.9, 16.1.6 or above."}],"credits":[{"lang":"en","value":"Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2025-05-23T04:04:38.692Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-7028","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-02T17:50:56.921719Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2024-05-01","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028","tags":["government-resource"]}],"timeline":[{"time":"2024-05-01T00:00:00.000Z","lang":"en","value":"CVE-2023-7028 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:05:28.992Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-19T07:48:03.820Z"},"title":"CVE Program Container","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/436084","name":"GitLab Issue #436084","tags":["issue-tracking","x_transferred"]},{"url":"https://hackerone.com/reports/2293343","name":"HackerOne Bug Bounty Report #2293343","tags":["technical-description","exploit","x_transferred"]},{"url":"https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028"}]}]}}