HTTP: GitLab Community and Enterprise Edition Password Reset Privilege Escalation

This signature detects attempts to exploit a known vulnerability in GitLab Community and Enterprise Edition. A successful attack lets an attacker obtain a password reset link for another user's account without access to that user's mailbox, taking over the account; depending on the privileges of the account taken over, this can lead to elevation of privilege and arbitrary code execution.

Extended Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2, in which user account password reset emails could be delivered to an unverified email address. Because the unverified address is one the requester chose rather than one confirmed for the account, an attacker who controls it receives a valid reset link for the victim's account. Upgrading to a fixed version (16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4 or 16.7.2) is the remediation; the Drop action below is a compensating network control that only applies to traffic the signature recognizes.
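As an added illustration of the flaw this signature targets (example code written for this page, not GitLab's own code and not the signature's detection logic), the toy Ruby reset flow below models a password-reset handler that mails the reset token to whatever addresses the request supplies, beside a hardened form that resolves the account by a confirmed address and mails only that confirmed address on file. The user record, the in-memory outbox, and the shape of the request are constructed assumptions for illustration.

```ruby
# Added example (not GitLab code): vulnerable vs. hardened password-reset
# delivery. The bug modelled here is "reset email delivered to an address the
# requester supplied but that is not confirmed for the account".
require 'securerandom'

# Constructed user model: each account has a list of confirmed addresses.
User = Struct.new(:id, :confirmed_emails)

# Constructed sample data (assumption for illustration).
USERS = [
  User.new(1, ['victim@example.com']),
  User.new(2, ['other@example.com', 'other-alt@example.com'])
].freeze

# In-memory outbox so callers can inspect where tokens were delivered.
class Outbox
  attr_reader :sent # array of [recipient, token] pairs
  def initialize
    @sent = []
  end

  def deliver(to, token)
    @sent << [to, token]
  end
end

def normalize(email)
  email.to_s.strip.downcase
end

def find_by_confirmed_email(users, email)
  users.find { |u| u.confirmed_emails.include?(email) }
end

# VULNERABLE: accepts one or many addresses, finds the account via any of them,
# then mails the single token to EVERY supplied address. A request carrying the
# victim's confirmed address plus an attacker-controlled one hands the attacker
# a valid token for the victim's account.
def vulnerable_reset(requested_emails, outbox, users = USERS)
  emails = Array(requested_emails).map { |e| normalize(e) }
  user = emails.map { |e| find_by_confirmed_email(users, e) }.compact.first
  return nil unless user

  token = SecureRandom.hex(16)
  emails.each { |e| outbox.deliver(e, token) } # unverified recipients included
  token
end

# HARDENED: exactly one string is accepted, it must match a confirmed address,
# and the token is mailed to the confirmed address stored on the account, never
# to anything else the requester typed. Unknown addresses are ignored without
# revealing whether they exist.
def hardened_reset(requested_email, outbox, users = USERS)
  return nil unless requested_email.is_a?(String)

  email = normalize(requested_email)
  user = find_by_confirmed_email(users, email)
  return nil unless user

  token = SecureRandom.hex(16)
  outbox.deliver(email, token) # `email` is known-confirmed for `user` here
  token
end

# Check a practitioner would want: did any token reach an address that is not
# confirmed for the account it unlocks? Returns the list of offending recipients.
def leaked_recipients(outbox, users = USERS)
  outbox.sent.reject { |to, _| find_by_confirmed_email(users, to) }.map(&:first)
end
```

`vulnerable_reset` models the "deliver to an unverified address" behaviour; `leaked_recipients` is the post-hoc check that distinguishes the two handlers by inspecting delivery targets rather than the request.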

Affected Products

Gitlab gitlab

Short Name
HTTP:CTS:GITLAB-CE-RESET-PRIV
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2023-7028 Community Edition Enterprise Escalation GitLab Password Privilege Reset and
Release Date
02/14/2024
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3678
False Positive
Unknown
Vendors

Gitlab
