A critical security vulnerability has been identified in over 5,300 internet-facing GitLab instances, susceptible to zero-click account takeover attacks. The flaw, tracked as CVE-2023-7028, enables attackers to redirect password reset emails to their own email addresses, consequently allowing unauthorized password changes and account takeovers. Notably, the vulnerability does not affect accounts with two-factor authentication (2FA) enabled.
Vulnerability Summary:
- Affected Software: GitLab Community and Enterprise Editions
- Vulnerability ID: CVE-2023-7028
- Type of Vulnerability: Zero-Click Account Takeover
- Exploitation Risk: Critical (CVSS score: 10.0)
Impacted Versions:
- GitLab Community and Enterprise Edition versions prior to the following fixed versions are at risk:
- 16.1.5
- 16.2.8
- 16.3.6
- 16.4.4
- 16.5.6
- 16.6.4
- 16.7.2
Remediation Efforts:
- GitLab has issued patches for affected versions as of January 11, 2024.
- Despite the availability of security updates, ShadowServer reports a significant number of unpatched and exposed instances.
Geographical Impact:
- The United States, Germany, Russia, and China are among the countries with the highest counts of vulnerable servers.
Potential Consequences:
- Unsecured servers may lead to supply chain attacks, code leaks, API key exposures, and further malicious actions.
Recommendations for Administrators:
- Urgently apply the provided GitLab security updates.
- Review GitLab’s incident response guide and audit logs for signs of compromise.
- If a compromise is detected, immediately rotate credentials, API tokens, and certificates.
- Enable 2FA on all GitLab accounts.
- Inspect the development environment for unauthorized alterations.
Proactive Measures:
- Admins should not delay action even in the absence of confirmed active exploitation.
- Regularly scheduled security assessments and updates should be conducted as a preventive measure.
OP Innovate Advisory:
- Clients using GitLab should verify their installations against the affected versions and implement the recommended security practices without delay. OP Innovate is poised to assist with any inquiries or support needed in navigating this critical security issue.
Stay Safe and Informed,
OP Innovate.
