
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
2024-01-24 17:55

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

The critical flaw lets an attacker have the password reset email for a targeted account delivered to an attacker-controlled email address; the threat actor can then set a new password and take over the account.

Today, 13 days after the security updates were made available, threat monitoring service ShadowServer reports seeing 5,379 vulnerable GitLab instances exposed online.

Based on GitLab's role as a software development and project planning platform and the type and severity of the flaw, these servers are at risk of supply chain attacks, proprietary code disclosure, API key leaks, and other malicious activity.

News URL

https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/

Related Vulnerability

Date: 2024-01-12
CVE: CVE-2023-7028
Vulnerability title: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Attack vector: network, low complexity
Vendor / CWE: gitlab, CWE-640
Risk: critical, 9.8
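The affected ranges quoted above, turned into an inventory check so an administrator can see which of their own instances still need the fix. This is an added example, not code from the article or from GitLab; the host names and version strings in the sample inventory are constructed, and the only facts it relies on are the fixed versions listed in the advisory text.

```python
# Added example (not from the article or from GitLab): classify GitLab CE/EE
# version strings against the CVE-2023-7028 affected ranges quoted above.
# First fixed patch per 16.x series, taken from the advisory text:
# 16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4, 16.7.2.
import re

FIXED_PATCH = {1: 6, 2: 9, 3: 7, 4: 5, 5: 6, 6: 4, 7: 2}


def parse_version(text):
    """Parse 'major.minor.patch' (tolerating suffixes such as '-ee' or
    '-pre') into a tuple of ints; raise ValueError for anything else."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the version falls inside a listed affected range."""
    major, minor, patch = parse_version(version)
    # Only the 16.1 through 16.7 series are listed as affected; earlier
    # releases and 16.8+ are outside the advisory's ranges.
    if major != 16 or minor not in FIXED_PATCH:
        return False
    return patch < FIXED_PATCH[minor]


def triage(inventory):
    """Split (host, version) pairs into affected / patched / unknown buckets."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, ver in inventory:
        try:
            result["affected" if is_affected(ver) else "patched"].append(host)
        except ValueError:
            result["unknown"].append(host)  # unparsable: needs manual review
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("git.example.test", "16.7.1-ee"),
    ("git2.example.test", "16.7.2"),
    ("legacy.example.test", "16.1.5"),
    ("old.example.test", "15.11.3"),
    ("odd.example.test", "n/a"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {hosts}")
```

Hosts that land in the unknown bucket (no parsable version recorded) deserve the same urgency as affected ones until their version is confirmed.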

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 47 736 246 58 1087