GitLab.Password.Reset.Account.Takeover
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in GitLab.
The vulnerability is due to insufficient validation of the email address supplied in a password reset request: the reset form accepts more than one address, and GitLab sends the reset link to every address submitted instead of only to the address verified for the account. An unauthenticated remote attacker who knows the email address of a target account can therefore submit the victim's address together with an attacker-controlled one, receive the reset link at the unverified address, and set a new password for the victim's account.
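The following is an added example, not code from the IPS signature page or from GitLab's code base. It models the flaw class described above in a minimal password-reset handler: the vulnerable variant uses whatever list of addresses arrives in the form and mails the reset link to all of them, while the hardened variant accepts exactly one address and only delivers to the address already verified for the account. The function and parameter names (`user[email]`, `send_reset_vulnerable`, `send_reset_hardened`) and the in-memory user store are hypothetical and constructed for the example.

```python
"""Vulnerable vs. hardened handling of the email parameter of a password
reset form. Added illustration; names and data are constructed, not GitLab's."""
from urllib.parse import parse_qs

# Constructed user store: verified email address -> username.
USERS = {"victim@example.org": "victim"}


def _submitted_addresses(body: str) -> list[str]:
    """Return the addresses exactly as the form submitted them.

    Rails-style array parameters arrive as repeated ``user[email][]`` keys;
    a plain form field arrives as ``user[email]``."""
    params = parse_qs(body)
    return params.get("user[email][]", []) or params.get("user[email]", [])


def send_reset_vulnerable(body: str) -> list[str]:
    """Vulnerable: return the recipients the reset link would be mailed to.

    The account lookup succeeds if *any* submitted address belongs to an
    account, and the link is then sent to *every* submitted address, so an
    attacker-controlled address receives a valid reset link for the victim."""
    addresses = _submitted_addresses(body)
    if not any(a in USERS for a in addresses):
        return []
    return addresses


def send_reset_hardened(body: str) -> list[str]:
    """Hardened: accept a single string address and deliver only to the
    address stored and verified for that account."""
    params = parse_qs(body)
    values = params.get("user[email]", [])
    # Reject array parameters and repeated keys outright.
    if "user[email][]" in params or len(values) != 1:
        return []
    email = values[0].strip().lower()
    if email not in USERS:
        # Unknown address: same outward response as success, no mail sent,
        # so the endpoint does not enumerate accounts.
        return []
    # Deliver to the verified address on record, never to user input.
    return [email]


if __name__ == "__main__":
    attack = "user[email][]=victim%40example.org&user[email][]=attacker%40evil.test"
    legit = "user[email]=victim%40example.org"
    print("vulnerable:", send_reset_vulnerable(attack))   # link also goes to attacker
    print("hardened:  ", send_reset_hardened(attack))     # request rejected
    print("hardened:  ", send_reset_hardened(legit))      # normal reset still works
```

The hardened version treats "more than one address" as a malformed request rather than a list to iterate over; the same rule applies to a JSON body where `email` arrives as an array instead of a string.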
Affected Products
16.1 <= GitLab CE < 16.1.6
16.2 <= GitLab CE < 16.2.8
16.3 <= GitLab CE < 16.3.6
16.4 <= GitLab CE < 16.4.4
16.5 <= GitLab CE < 16.5.6
16.6 <= GitLab CE < 16.6.4
16.7 <= GitLab CE < 16.7.2
16.1 <= GitLab EE < 16.1.6
16.2 <= GitLab EE < 16.2.8
16.3 <= GitLab EE < 16.3.6
16.4 <= GitLab EE < 16.4.4
16.5 <= GitLab EE < 16.5.6
16.6 <= GitLab EE < 16.6.4
16.7 <= GitLab EE < 16.7.2
Impact
Account Takeover / System Compromise: a remote attacker can take over any account whose email address is known to them, including administrator accounts, and thereby gain control of the vulnerable GitLab instance and of the repositories, CI/CD configuration and secrets it manages.
Recommended Actions
Apply the most recent upgrade or patch from the vendor; the fixed releases are the upper bounds of the ranges listed under Affected Products. Accounts with two-factor authentication enabled can still have their password reset by this method but cannot be logged into without the second factor, so enforcing 2FA is a useful mitigating control while the upgrade is scheduled. After patching, rotate the credentials and tokens of any account whose password was reset unexpectedly, and review the instance's password reset requests for submissions that contain more than one email address.
https://about.gitlab.com/install/
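As an added example of the review step above (not part of the signature page and not a GitLab-supplied tool), the script below scans request-log lines for password-reset POSTs whose email parameter is an array with more than one address. The line layout follows the shape of GitLab's `production_json.log` (one JSON object per line with `method`, `path` and a `params` list of key/value pairs) as an assumption; the sample log lines, IP addresses and timestamps are constructed.

```python
"""Flag password reset requests that carried more than one email address.
Added illustration; the log lines below are constructed, not real traffic."""
import json

# Constructed sample lines in a production_json.log-like layout (assumption).
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["victim@example.org","attacker@evil.test"]}}],"remote_ip":"203.0.113.5","time":"2024-01-12T10:00:00.000Z"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":"alice@example.org"}}],"remote_ip":"198.51.100.7","time":"2024-01-12T10:01:00.000Z"}
{"method":"GET","path":"/users/password/new","params":[],"remote_ip":"198.51.100.7","time":"2024-01-12T10:02:00.000Z"}
this line is not JSON and must be skipped
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["bob@example.org"]}}],"remote_ip":"198.51.100.9","time":"2024-01-12T10:03:00.000Z"}
"""


def reset_emails(entry: dict):
    """Return the email value(s) of a password-reset POST, or None if the
    entry is some other request. A string is normalised to a 1-element list."""
    if entry.get("method") != "POST" or entry.get("path") != "/users/password":
        return None
    for param in entry.get("params", []):
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            email = param["value"].get("email")
            if isinstance(email, list):
                return email
            if isinstance(email, str):
                return [email]
    return None


def find_suspicious_resets(log_text: str) -> list[dict]:
    """Return one record per reset request that submitted several addresses."""
    hits = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # truncated or non-JSON line: skip rather than abort
        emails = reset_emails(entry)
        if emails is not None and len(emails) > 1:
            hits.append({
                "time": entry.get("time"),
                "remote_ip": entry.get("remote_ip"),
                "emails": emails,
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_resets(SAMPLE_LOG):
        print(hit)
```

Run it against the real log with `find_suspicious_resets(open(path).read())`. A reset request whose email parameter is an array at all, even a single-element one, is already unusual for a browser-submitted form; tighten the `len(emails) > 1` condition to `isinstance(email, list)` in `reset_emails` if you want those surfaced as well.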
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-01-31 | 0.00368 | New | |