[Risk Advisory] GitLab Arbitrary User Password Reset Vulnerability (CVE-2023-7028)
2024-1-12 14:44:52 Author: mp.weixin.qq.com

On January 11, 2024, GitLab published an advisory covering CVE-2023-7028, the GitLab arbitrary user password reset vulnerability.

01

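GitLab is a Git-based software development platform developed by GitLab Inc. On January 11, 2024, GitLab published an advisory covering multiple vulnerabilities, including CVE-2023-7028, the GitLab arbitrary user password reset vulnerability.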

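An attacker can abuse the forgot-password feature, crafting a malicious request to obtain a password reset link and thereby reset the password.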

02

CVE-2023-7028 GitLab arbitrary user password reset vulnerability

03

Affected versions

16.1 <= Gitlab < 16.1.6

16.2 <= Gitlab < 16.2.9

16.3 <= Gitlab < 16.3.7

16.4 <= Gitlab < 16.4.5

16.5 <= Gitlab < 16.5.6

16.6 <= Gitlab < 16.6.4

16.7 <= Gitlab < 16.7.2
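
To triage an instance inventory against the ranges listed above, the following added example (not part of the original advisory and not GitLab's own code) classifies version strings. The hostnames and sample versions are constructed, and any version outside the listed ranges is reported as `not-listed` because this page makes no statement about it.

```python
import re

# Ranges exactly as listed on this page: (first affected, first fixed).
AFFECTED = [
    ((16, 1, 0), (16, 1, 6)),
    ((16, 2, 0), (16, 2, 9)),
    ((16, 3, 0), (16, 3, 7)),
    ((16, 4, 0), (16, 4, 5)),
    ((16, 5, 0), (16, 5, 6)),
    ((16, 6, 0), (16, 6, 4)),
    ((16, 7, 0), (16, 7, 2)),
]
_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch) from strings such as '16.5.4-ee' or 'v16.7.1'."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # A missing patch component is treated as 0, the conservative reading.
    return tuple(int(p) if p else 0 for p in m.groups())

def check(version_text):
    """Return (status, fixed_version); status is 'affected', 'patched' or 'not-listed'."""
    v = parse_version(version_text)
    for low, fixed in AFFECTED:
        if low[:2] == v[:2]:  # same major.minor branch
            status = "affected" if low <= v < fixed else "patched"
            return status, ".".join(map(str, fixed))
    return "not-listed", None  # the page says nothing about this branch

def triage(inventory):
    """Return (host, version, status, fixed) rows, affected hosts first."""
    rows = [(host, ver, *check(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (r[2] != "affected", r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "git-a.example.internal": "16.5.4-ee",
    "git-b.example.internal": "16.7.2",
    "git-c.example.internal": "v16.1.5",
    "git-d.example.internal": "15.11.13",
}

if __name__ == "__main__":
    for host, ver, status, fixed in triage(SAMPLE):
        note = f"upgrade to >= {fixed}" if status == "affected" else ""
        print(f"{host:26} {ver:11} {status:11} {note}")
```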

04

1 Gitlab 

2

05

https://avd.aliyun.com/detail?id=AVD-2023-7028

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/


Article source: https://mp.weixin.qq.com/s?__biz=MzI5MzY2MzM0Mw==&mid=2247486301&idx=1&sn=773463e70e5027f95b6d5d859b3f1778&chksm=ec6fec5ddb18654b55023f050e9293d661ddf5c8009240162ee67c2344b6817be83722a047bf&scene=58&subscene=0#rd