CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

Related Vulnerability

Date: 2024-01-12
CVE: CVE-2023-7028
Vulnerability title: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Attack vector: network
Attack complexity: low
Vendor: gitlab
CWE: CWE-640
Risk: critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 47 736 246 58 1087