CVE-2023-7028

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-7028

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7028.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-7028

Aliases

BIT-gitlab-2023-7028

Related

UBUNTU-CVE-2023-7028

Published

2024-01-12T14:15:49Z

Modified

2025-01-14T12:23:11.042009Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4961ad113f3afe23965ac12285eaab31315ab0c6

Fixed

39f92f67961c5a8b85b738628916fe814e1b53c2

Affected versions

v16.*

v16.1.0-ee

v16.1.1-ee

v16.1.2-ee

v16.1.3-ee

v16.1.4-ee

v16.1.5-ee