Skip to content
Techzine Global
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Global
  • Techzine Netherlands
  • Techzine Belgium
  • Techzine TV
  • ICTMagazine Netherlands
  • ICTMagazine Belgium
Techzine » News » Security » GitLab accounts vulnerable to takeover, patch available
2 min Security

GitLab accounts vulnerable to takeover, patch available

Erik van KlinkenJanuary 12, 2024 3:26 pmJanuary 12, 2024 3:26 pm
GitLab accounts vulnerable to takeover, patch available

GitLab is warning users about a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerability in question, CVE-2023-7028, allows hackers to take over accounts. Patches have already been released.

According to GitLab, the CVE-2023-7028 vulnerability makes it possible to easily take over accounts. Namely, this can be done by having emails to reset passwords delivered to an unverified email address. Those without 2FA enabled could lose access to their own accounts without the new patch.

When CE and Enterprise end users do use 2FA to log into their accounts, the vulnerability only allows hackers to reset passwords. The accounts cannot then be taken over as the external authentication method is required after a password change request.

Problem with email authentication

The vulnerability was itself introduced by GitLab with the release of the GitLab CE and Enterprise editions v 16.1.0. This included the ability to reset a password via a second email address. The bug in question ended up in the email verification process.

No active exploits yet

The bug has been active since May 2023, but may have remained unknown outside of GitLab itself. Active exploits of the vulnerability are therefore not known, but GitLab urges users who host the platform themselves to check their own log files carefully.

The development platform has already patched the bug and released updated versions 16.7.2, 16.6.4 and 16.5.6 for both editions. End users should implement the updates as soon as possible, GitLab indicates.

Also read: GitLab 16 unveiled

Tags:

account takeover / CVE-2023-7028 / GitLab / vulnerability

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Stay tuned, subscribe!

Nieuwsbrieven*

Related

OpenAI tackles open-source vulnerabilities with ‘Patch the Planet’

SAP patches vulnerabilities in NetWeaver and Commerce Cloud

Adobe patches vulnerability that steals data via PDFs

Veeam Patches Critical Vulnerabilities in Backup & Replication

Editor picks

QuiX Quantum drives control tools for Photonic Quantum era

Netherlands-headquartered photonic quantum computing hardware company...

AI security doesn’t require a brand-new architecture

The rapid adoption of artificial intelligence has thrown cybersecurit...

Claude’s creator Anthropic overtakes OpenAI at the IPO game

The first IPO of an AI model developer is imminent. Anthropic, the co...

Alation serves up Semantic Model Mastering, it’s MDM for the semantic layer

Alation is the company we know for its data intelligence platform, de...

Techzine.tv

Why hyperscalers run containers in VMs: VKS deep dive

Why hyperscalers run containers in VMs: VKS deep dive

How Google scaled Kubernetes to 130,000 nodes for AI workloads

How Google scaled Kubernetes to 130,000 nodes for AI workloads

SAP executive addresses API policy and openness concerns

SAP executive addresses API policy and openness concerns

How Harness secures AI-generated code across the SDLC

How Harness secures AI-generated code across the SDLC

Read more on Security

Eye Security raises €60M for Expansion

Eye Security raises €60M for Expansion

The Hague-based cybersecurity company Eye Security has raised 60 million euros in a Series C funding round. T...

Mels Dees 14 hours ago
119 malicious Edge extensions steal data from 2.6 million users

119 malicious Edge extensions steal data from 2.6 million users

Microsoft has removed 119 malware variants disguised as extensions from the Edge Add-ons store. These extensi...

Erik van Klinken 10 hours ago
OpenAI tackles open-source vulnerabilities with ‘Patch the Planet’
Top story

OpenAI tackles open-source vulnerabilities with ‘Patch the Planet’

Maintainers, who already have far too little time to keep their open-source projects secure, are inundated wi...

Erik van Klinken June 23, 2026
AI security doesn’t require a brand-new architecture
Top story

AI security doesn’t require a brand-new architecture

The rapid adoption of artificial intelligence has thrown cybersecurity principles into disarray. The direct l...

Berry Zwets June 25, 2026

Expert Talks

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD recently introduced the “Helios” rack-scale AI architecture, ...

Taking the right lessons from AI success stories

Taking the right lessons from AI success stories

While a lot of the current narratives around AI focus on stalled...

Why traditional security can’t protect your enterprise against AI threats

Today’s AI tools are a boon for many businesses, boosting efficienc...

Power critical workloads with all-NVMe active-active storage for non-stop enterprise operations 

Enterprise infrastructure has reached a turning point where planned d...

Tech calendar

GOTO Copenhagen 2026

September 28, 2026 TAP1, Raffinaderivej 10, 2300 København S, Denmark

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2026 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement