CVE-2023-7028

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-7028

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7028.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-7028

Aliases

BIT-gitlab-2023-7028

Downstream

UBUNTU-CVE-2023-7028

Published

2024-01-12T13:56:41.726Z

Modified

2025-12-05T05:32:11.064718Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

Weak Password Recovery Mechanism for Forgotten Password in GitLab

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Database specific

{
    "cwe_ids": [
        "CWE-640"
    ],
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/7xxx/CVE-2023-7028.json"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

4961ad113f3afe23965ac12285eaab31315ab0c6

Fixed

39f92f67961c5a8b85b738628916fe814e1b53c2

Database specific

{
    "versions": [
        {
            "introduced": "16.1"
        },
        {
            "fixed": "16.1.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

3adc0fe6e7c163bedd7faa5f0c4d1e5fbb6bf3c5

Fixed

0dc0c45e5c515fcb6aa87a280a50140e1715bcd8

Database specific

{
    "versions": [
        {
            "introduced": "16.2"
        },
        {
            "fixed": "16.2.9"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

3dfd4e0bcc7eae4330e7fed87ec74bee9a8bdf2d

Fixed

4b39d8fe4183ca86b4b425ffc5e1f9f0a4d2d222

Database specific

{
    "versions": [
        {
            "introduced": "16.3"
        },
        {
            "fixed": "16.3.7"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

e4c1c182610739c1b1d10a8eacbea1f5aa837ad6

Fixed

847c8151481a0f1bbdfd008ff932a5c5740b47a1

Database specific

{
    "versions": [
        {
            "introduced": "16.4"
        },
        {
            "fixed": "16.4.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

fc87c9d4cca1536abcf902b4128f5c2004d87162

Fixed

328c57b01842700127bb3d1302f5b5b967fa4442

Database specific

{
    "versions": [
        {
            "introduced": "16.5"
        },
        {
            "fixed": "16.5.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

94991886af3e3820aa09fa353b29cf8557c93168

Fixed

1873157df5a1e602741dc5fbe790db81888baea4

Database specific

{
    "versions": [
        {
            "introduced": "16.6"
        },
        {
            "fixed": "16.6.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

9e7d34f7ff11405ece06ec398b66965d153cee6f

Fixed

847f5d82ad6aa1208a61fee603fc0e0ce1786f19

Database specific

{
    "versions": [
        {
            "introduced": "16.7"
        },
        {
            "fixed": "16.7.2"
        }
    ]
}

Affected versions

v16.*

v16.1.0-ee

v16.1.1-ee

v16.1.2-ee

v16.1.3-ee

v16.1.4-ee

v16.1.5-ee

v16.2.0-ee

v16.2.1-ee

v16.2.2-ee

v16.2.3-ee

v16.2.4-ee

v16.2.5-ee

v16.2.6-ee

v16.2.7-ee

v16.2.8-ee

v16.3.0-ee

v16.3.1-ee

v16.3.2-ee

v16.3.3-ee

v16.3.4-ee

v16.3.5-ee

v16.3.6-ee

v16.4.0-ee

v16.4.1-ee

v16.4.2-ee

v16.4.3-ee

v16.4.4-ee

v16.5.0-ee

v16.5.1-ee

v16.5.2-ee

v16.5.3-ee

v16.5.4-ee

v16.6.0-ee

v16.6.1-ee

v16.6.2-ee

v16.7.0-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7028.json"