{"id":10760,"date":"2024-05-03T03:36:46","date_gmt":"2024-05-03T03:36:46","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=10760"},"modified":"2024-05-03T03:36:46","modified_gmt":"2024-05-03T03:36:46","slug":"gitlab-password-reset-vulnerability-cve-2023-7028","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/","title":{"rendered":"GitLab Password Reset Vulnerability (CVE-2023-7028)"},"content":{"rendered":"<p>What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on May 1st to its Known Exploited Vulnerabilities (KEV) Catalog, What is the recommended Mitigation?GitLab users are advised to update their instances to a patched version and enable two factor authentication (2FA) which will deny malicious actors access to compromised accounts.What FortiGuard Coverage is available?FortiGuard Labs has an existing Web Application Security signature &#8220;GitLab.Password.Reset.Account.Takeover&#8221; released on Jan 16 to detect and block any attack attempts targeting the Authentication Bypass Vulnerability in GitLab (CVE-2023-7028) and has Endpoint Vulnerability signature ID &#8220;5551&#8221; to detect vulnerable versions of installed GitLab software.<a href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5433\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-10760","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"GitLab Password Reset Vulnerability (CVE-2023-7028) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2024-05-03T03:36:46+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-05-03T03:36:46+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"GitLab Password Reset Vulnerability (CVE-2023-7028) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#blogposting\",\"name\":\"GitLab Password Reset Vulnerability (CVE-2023-7028) \\u203a Sekuritas IT\",\"headline\":\"GitLab Password Reset Vulnerability (CVE-2023-7028)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"datePublished\":\"2024-05-03T03:36:46+00:00\",\"dateModified\":\"2024-05-03T03:36:46+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#listItem\",\"name\":\"GitLab Password Reset Vulnerability (CVE-2023-7028)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#listItem\",\"position\":3,\"name\":\"GitLab Password Reset Vulnerability (CVE-2023-7028)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/\",\"name\":\"GitLab Password Reset Vulnerability (CVE-2023-7028) \\u203a Sekuritas IT\",\"description\":\"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/03\\\/gitlab-password-reset-vulnerability-cve-2023-7028\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"datePublished\":\"2024-05-03T03:36:46+00:00\",\"dateModified\":\"2024-05-03T03:36:46+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"GitLab Password Reset Vulnerability (CVE-2023-7028) \u203a Sekuritas IT","description":"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#blogposting","name":"GitLab Password Reset Vulnerability (CVE-2023-7028) \u203a Sekuritas IT","headline":"GitLab Password Reset Vulnerability (CVE-2023-7028)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"datePublished":"2024-05-03T03:36:46+00:00","dateModified":"2024-05-03T03:36:46+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#listItem","name":"GitLab Password Reset Vulnerability (CVE-2023-7028)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#listItem","position":3,"name":"GitLab Password Reset Vulnerability (CVE-2023-7028)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/","name":"GitLab Password Reset Vulnerability (CVE-2023-7028) \u203a Sekuritas IT","description":"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"datePublished":"2024-05-03T03:36:46+00:00","dateModified":"2024-05-03T03:36:46+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"GitLab Password Reset Vulnerability (CVE-2023-7028) \u203a Sekuritas IT","og:description":"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on","og:url":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/","article:published_time":"2024-05-03T03:36:46+00:00","article:modified_time":"2024-05-03T03:36:46+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"GitLab Password Reset Vulnerability (CVE-2023-7028) \u203a Sekuritas IT","twitter:description":"What is the vulnerability?A critical vulnerability has been discovered in GitLab, a DevOps platform for managing software development lifecycle. A successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on"},"aioseo_meta_data":{"post_id":"10760","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2024-05-03 03:46:37","updated":"2025-10-15 09:04:16","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tGitLab Password Reset Vulnerability (CVE-2023-7028)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"GitLab Password Reset Vulnerability (CVE-2023-7028)","link":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/03\/gitlab-password-reset-vulnerability-cve-2023-7028\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=10760"}],"version-history":[{"count":1,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10760\/revisions"}],"predecessor-version":[{"id":10761,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10760\/revisions\/10761"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=10760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=10760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=10760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}