Improper Access Control Vulnerability in GitLab CE/EE - CVE-2023-7028 (rpm)
ID: oval:org.secpod.oval:def:97377 | Date: (C)2024-02-01 (M)2024-03-07 |
Class: VULNERABILITY | Family: unix |
The host has GitLab CE/EE 16.1 before 16.1.6, 16.2 before 16.2.9, 16.3 before 16.3.7, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4 or 16.7 before 16.7.2 installed and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow attackers to deliver user account password reset emails to an unverified email address.
Product: gitlab-ce, gitlab-ee