Security News > 2024 > May > CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
2024-05-02 06:15
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email
News URL
https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html
Related news
- CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | 9.8 |