
CVE-2023-7028: A critical vulnerability affecting GitLab


Critical vulnerability CVE-2023-7028 in the open-source platform GitLab allows taking control of other users’ accounts

A critical vulnerability has been discovered in GitLab, an open-source platform for managing Git repositories. It allows an unauthenticated remote attacker to have the password reset email for another user’s account delivered to an attacker-controlled address, and so to take control of that account.

GitLab is an open-source platform offering functions equivalent to those of GitHub. The company that develops it operates a hosted version of the software (GitLab.com), and it can also be installed on an organisation’s own servers.

Key features

  • CVE identifier: CVE-2023-7028
  • Release date: January 11, 2024
  • Affected software: GitLab
  • CVSS score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10.0 Critical)
  • Affected versions:
    • 16.1 to 16.1.5
    • 16.2 to 16.2.8
    • 16.3 to 16.3.6
    • 16.4 to 16.4.4
    • 16.5 to 16.5.5
    • 16.6 to 16.6.3
    • 16.7 to 16.7.1
  • Exploitation requirements:
    • The GitLab instance must have an authentication method configured for which GitLab’s own password reset links work.*
    • If the victim has two-factor authentication enabled, the attacker can still reset their password, but cannot log in without the second factor, so the account is not taken over.

* If a GitLab instance authenticates users exclusively through a third-party provider, this vulnerability may not affect it. For example, if the instance uses LDAP authentication only and does not allow users to reset their passwords from GitLab, there is no impact.

Mitigation

The main solution is to urgently update self-managed GitLab instances to one of the patched versions that fix this vulnerability (GitLab.com is already running the patched version):

  • 16.7.2
  • 16.6.4
  • 16.5.6
  • 16.4.5
  • 16.3.7
  • 16.2.9
  • 16.1.6

In addition, it is recommended to take the following countermeasures:

  • If possible, restrict at the mail server the recipient domains to which GitLab is allowed to send email, so that a reset link addressed to an external, attacker-controlled mailbox is never delivered.
  • Reduce the authentication options to the essentials: if a company already delegates authentication to an external provider, it may not need to keep an authentication method that allows password changes from GitLab.
  • Enable two-factor authentication, especially for administrator accounts, since a reset password alone does not let the attacker log in to a 2FA-protected account.

GitLab has published a post with the official information on this vulnerability and the related updates.

Detection of the vulnerability CVE-2023-7028

The presence of CVE-2023-7028 can be identified from the version number: any instance running a version inside one of the affected ranges listed above, and below the corresponding patched release, is vulnerable.
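The following script, added here as an example and not taken from the original page or from GitLab, turns the affected and patched ranges listed above into a version check that can be run across an inventory of instances. The host names in the sample inventory are hypothetical, and the only GitLab-specific assumption is the version string format (for example `16.7.1-ee`) that an instance reports.

```python
"""Version-range check for CVE-2023-7028.

Added example, not code from the original page or from GitLab: it compares a
GitLab version string with the affected and patched ranges in the advisory.
"""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# First patched release on each affected minor branch (from the advisory).
# Everything on these branches below the listed patch level is affected.
PATCHED: Dict[Tuple[int, int], Version] = {
    (16, 1): (16, 1, 6),
    (16, 2): (16, 2, 9),
    (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5),
    (16, 5): (16, 5, 6),
    (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}

# GitLab reports versions as e.g. "16.7.1", "16.7.1-ee" or "16.7.1-ce";
# a leading "v" is tolerated for tag-style input.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Turn '16.7.1-ee' into (16, 7, 1); raise ValueError on unparseable input."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"not a GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch in PATCHED:
        return v < PATCHED[branch]
    # Branches older than 16.1 predate the bug; 16.8 and later ship with the fix.
    return False


def minimum_fix(version: str) -> str:
    """Smallest patched release on the same minor branch, or '' if not affected."""
    v = parse_version(version)
    if not is_vulnerable(version):
        return ""
    return ".".join(str(n) for n in PATCHED[(v[0], v[1])])


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'vulnerable (upgrade to X)', 'not affected' or 'unknown'."""
    result: Dict[str, str] = {}
    for host, version in inventory.items():
        try:
            if is_vulnerable(version):
                result[host] = f"vulnerable (upgrade to {minimum_fix(version)})"
            else:
                result[host] = "not affected"
        except ValueError:
            # Unparseable input is reported, never silently treated as safe.
            result[host] = "unknown"
    return result


# Constructed inventory (hypothetical hosts, not real data), as would be
# collected from the version each instance reports.
SAMPLE_INVENTORY = {
    "git.internal.example": "16.7.1-ee",
    "gitlab-old.example": "16.1.0",
    "gitlab-new.example": "16.7.2-ee",
    "legacy.example": "15.11.13",
    "mystery.example": "unknown",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:24} {verdict}")
```

The check is deliberately per-branch rather than a single "below 16.7.2" comparison: 16.6.4 is patched while 16.7.1 is not, so a naive less-than test would misclassify instances on older supported branches. A version that cannot be parsed is reported as unknown so that a collection failure is not mistaken for a clean result.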

As part of its emerging vulnerabilities service, Tarlogic proactively monitors its clients’ perimeter to detect and urgently notify them of the presence of this vulnerability, as well as of other critical threats that could seriously impact the security of their assets.
