Unrated severityCISA KEVNVD Advisory· Published Jan 12, 2024· Updated Oct 21, 2025

Weak Password Recovery Mechanism for Forgotten Password in GitLab

CVE-2023-7028

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

Affected products

GitLab Inc./GitLabv5
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Range: 16.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hackerone.com/reports/2293343mitretechnical-descriptionexploit
gitlab.com/gitlab-org/gitlab/-/issues/436084mitreissue-tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000