overview
A critical vulnerability (CVE-2023-7028) was found in GitLab Community Edition (CE) and Enterprise Edition (EE) - prompting Gitlab to release critical security updates in versions 16.7.2, 16.6.4, and 16.5.6 for both GitLab.
CVE-2023-7028 (CVSS 10) is a critical flaw that allows for account takeover via user account password reset. This means that the vulnerability helps attackers take over accounts by sending password reset emails to unverified email addresses. The severity of this vulnerability spans across the following versions:
- 16.1 to 16.7.1
- with the fix implemented in the following versions:
- 16.1.6
- 16.2.9
- 16.3.7
- 16.4.5
- 16.5.6
- 16.6.4
- 16.7.2
Another critical vulnerability involves the abuse of Slack/Mattermost integrations to execute slash commands as another user. This affects versions from 8.13 to 16.7.1, with the fix incorporated in versions 16.5.6, 16.6.4, and 16.7.2, and assigned CVE-2023-5356 (CVSS 9.6).
CVE-2023-7028 is being exploited in the wild but it's worth noting that GitLab.com has already been updated to the patched version. If you have two-factor authentication enabled on your account, then you are safe from account takeover. If you do not have two-factor authentication enabled, you need to do so immediately.
avertium's recommendationS
CVE-2023-7028 & CVE-2023-5356 - In the FAQ section, GitLab provides information on the impact of the vulnerabilities, actions users should take, and reassures that the vulnerabilities have been resolved with this security release.
- There's also a detailed explanation of the measures GitLab has in place to prevent similar vulnerabilities in the future.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-7028 or CVE-2023-5356. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
How Avertium is Protecting Our CUSTOMERS
- Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:
- Risk Assessments
- Pen Testing and Social Engineering
- Infrastructure Architecture and Integration
- Zero Trust Network Architecture
- Vulnerability Management
- Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
- We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers.
SUPPORTING DOCUMENTATION