Security News > 2024 > May > CISA says GitLab account takeover bug is actively exploited in attacks

CISA says GitLab account takeover bug is actively exploited in attacks
2024-05-01 16:29

CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets.

The CVE-2023-7028 bug impacts GitLab Community and Enterprise editions, and GitLab fixed it in 16.7.2, 16.5.6, and 16.6.4 and backported patches to versions 16.1.6, 16.2.9, and 16.3.7.

CISA added CVE-2023-7028 to its Known Exploited Vulnerabilities Catalog on Wednesday, confirming it's now actively exploited in attacks and ordering U.S. federal agencies to secure their systems within three weeks by May 22.

The U.S. cybersecurity agency hasn't shared any information regarding ongoing attacks exploiting this maximum severity GitLab security bug, but it did confirm it has no evidence that it's being used in ransomware attacks.

Although the agency's KEV catalog primarily targets federal agencies, private organizations using the GitLab DevOps platform should also prioritize patching this vulnerability to prevent attacks.

CISA tags Microsoft SharePoint RCE bug as actively exploited.


News URL

https://www.bleepingcomputer.com/news/security/cisa-says-gitlab-account-takeover-bug-is-actively-exploited-in-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-7028 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
network
low complexity
gitlab CWE-640
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 47 736 246 58 1087