Vulnerability CVE-2023-7028


Published: 2024-01-12

Description:
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

 References:
https://gitlab.com/gitlab-org/gitlab/-/issues/436084
https://hackerone.com/reports/2293343

Copyright 2026, cxsecurity.com

 

Back to Top