CVE-2023-7028 - Design/Logic Flaw
CVE Information
Original CVE data
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Gitlab - (1)
Basic Analysis
Common vulnerability metrics
Design/Logic Flaw
-
Exploits are available either through exploit packs, Github repos or the world wide web in general.
Vulnerability is referenced under CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog
-
No sightings of the vulnerability within threat reports.
Cybersecurity Frameworks
How the vulnerability maps against various cybersecurity frameworks
Compliance Impact
How the submited vulnerability affects compliance
Web Application Security Frameworks
Applicable if the issue likely affects a web application