GitLab CVE-2023-7028 Access Control Bypass Vulnerability

Description

GitLab CE/EE versions 16.1-16.7 (pre-patch) can send password-reset emails to unverified addresses, enabling attackers to reset accounts and gain unauthorized access.

Affected Applications

GitLab

Version Updates

Date        Version  Status    Detail
2026-02-21  2.00700  New       GitLab
2025-01-16  2.00538  Modified  GitLab
2024-12-05  2.00521  Modified  GitLab
2024-01-16  2.00348  New       GitLab