A new critical vulnerability impacting GitLab, identified as CVE-2023-7028, has received a CVSS 3.1 score of 10. The Stormshield Customer Security Lab unveils our protection offerings.


The context of the CVE-2023-7028

A new vulnerability bearing the number CVE-2023-7028 has been discovered in Gitlab Community Edition and Gitlab Enterprise Edition in the following versions:

  • For the branch 16.1, all versions prior to 16.1.6;
  • For the branch 16.2, all versions prior to 16.2.9;
  • For the branch 16.3, all versions prior to 16.3.7;
  • For the branch 16.4, all versions prior to 16.4.5;
  • For the branch 16.5, all versions prior to 16.5.6;
  • For the branch 16.6, all versions prior to 16.6.4;
  • For the branch 16.7, all versions prior to 16.7.2.

This vulnerability allows a remote attacker to redefine the password of any GitLab account by exploiting a specificity around the password recovery procedure of the account.


The technical details of the CVE-2023-7028

During the password recovery request, the server can accept multiple email addresses, as long as the first one is linked to a valid account. As a result, attackers can freely specify any email address under their control, receive the password reset mail, define a new password of their choice and connect to the stolen account right after.

It's important to state that, if activated, the multifactor authentication mitigates the risk because attackers would also need to get access to the second authentication factor in order to connect to the account.


CVE-2023-7028 and Stormshield protections

Stormshield Network Security

The following IPS signature detects and prevents the exploitation of this vulnerability on an On-Premise GitLab:

  • http:mix.355: Exploitation of an account takeover vulnerability in Gitlab (CVE-2023-7028)

For the signature to detect exploitation of this vulnerability, the SSL proxy must be enabled.

Confidence index for the protection offered by Stormshield

Confidence index for the absence of false positives


We strongly recommend that you update your version of GitLab as soon as possible, as this is the only way to prevent this attack.

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
Need more information about Stormshield protection? The Technical Support teams are at your disposal to help you. Contact them through the incident manager located in the MyStormshield private area. To access it, select the menu "Technical Support / Report an incident / Track an incident".
Stormshield's Cyber Threat Intelligence team has two primary missions: to study cyber threats to understand them and to continuously improve Stormshield product protections. All with the goal of contributing to the cybersecurity community's effort to address cyber threats.