Summary
GitLab has released a security update that fixes two critical vulnerabilities, one of which can be exploited for account hijacking without user interaction.
Vulnerability Details
The vulnerability, tracked as CVE-2023-7028, received the maximum CVSS score of 10.0. It allows an attacker to take over an account without any user interaction, simply by having the password reset email sent to an unverified email address.
The root cause is a flaw in the email verification step of the password reset flow, which allowed a password reset to be completed via a secondary, unverified email address.
Affected versions
All self-managed instances of GitLab Community Edition (CE) and Enterprise Edition (EE) running one of the following versions are affected:
- 16.1 prior to 16.1.6
- 16.2 prior to 16.2.9
- 16.3 prior to 16.3.7
- 16.4 prior to 16.4.5
- 16.5 prior to 16.5.6
- 16.6 prior to 16.6.4
- 16.7 prior to 16.7.2
Fix
GitLab has fixed the vulnerability in GitLab versions 16.5.6, 16.6.4, and 16.7.2 and backported the fix to versions 16.1.6, 16.2.9, 16.3.7, and 16.4.5.
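As an added check that is not part of the original article, the affected ranges and first fixed releases listed above encoded as a small Python routine a defender can run against the version string an instance reports (for example from `gitlab-rake gitlab:env:info` or the `/api/v4/version` endpoint, which print an `-ee` suffix on Enterprise Edition builds); the sample version strings are constructed.

```python
from typing import Dict, Optional, Tuple

# Affected minor series and the first fixed patch release of each,
# exactly as listed in the advisory above (CE and EE, self-managed).
AFFECTED_SERIES: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (16, 1): (16, 1, 6),
    (16, 2): (16, 2, 9),
    (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5),
    (16, 5): (16, 5, 6),
    (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into an integer tuple.

    An edition suffix such as '-ee' (as GitLab prints for EE builds) is
    dropped; anything else that is not three numeric components is rejected.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def check_cve_2023_7028(version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, upgrade_target).

    upgrade_target is the first fixed patch release of the same minor
    series, or None when the instance is not in an affected range.
    """
    major, minor, patch = parse_version(version)
    fixed = AFFECTED_SERIES.get((major, minor))
    if fixed is None:
        # Series not listed in the advisory (older than 16.1, or newer).
        return False, None
    if (major, minor, patch) < fixed:
        return True, ".".join(str(n) for n in fixed)
    return False, None


if __name__ == "__main__":
    # Constructed sample inputs, one per outcome.
    for sample in ("16.7.1-ee", "16.7.2", "16.0.8"):
        print(sample, check_cve_2023_7028(sample))
```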
Recommendations
To mitigate the threat, upgrade your instance to a fixed version as soon as possible and enable two-factor authentication (2FA), especially for users with elevated privileges; double-check that 2FA is actually in place even if it was enabled previously.
Original article by Chief Security Officer; if reproduced, please credit https://cncso.com/en/gitlab-releases-security-patch-to-fixed-high-risk-vulnerabilities.html