Skip to content
Techzine Global
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Global
  • Techzine Netherlands
  • Techzine Belgium
  • Techzine TV
  • ICTMagazine Netherlands
  • ICTMagazine Belgium
Techzine » News » Security » GitLab accounts vulnerable to takeover, patch available
2 min Security

GitLab accounts vulnerable to takeover, patch available

Erik van KlinkenJanuary 12, 2024 3:26 pmJanuary 12, 2024 3:26 pm
GitLab accounts vulnerable to takeover, patch available

GitLab is warning users about a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerability in question, CVE-2023-7028, allows hackers to take over accounts. Patches have already been released.

According to GitLab, the CVE-2023-7028 vulnerability makes it possible to easily take over accounts. Namely, this can be done by having emails to reset passwords delivered to an unverified email address. Those without 2FA enabled could lose access to their own accounts without the new patch.

When CE and Enterprise end users do use 2FA to log into their accounts, the vulnerability only allows hackers to reset passwords. The accounts cannot then be taken over as the external authentication method is required after a password change request.

Problem with email authentication

The vulnerability was itself introduced by GitLab with the release of the GitLab CE and Enterprise editions v 16.1.0. This included the ability to reset a password via a second email address. The bug in question ended up in the email verification process.

No active exploits yet

The bug has been active since May 2023, but may have remained unknown outside of GitLab itself. Active exploits of the vulnerability are therefore not known, but GitLab urges users who host the platform themselves to check their own log files carefully.

The development platform has already patched the bug and released updated versions 16.7.2, 16.6.4 and 16.5.6 for both editions. End users should implement the updates as soon as possible, GitLab indicates.

Also read: GitLab 16 unveiled

Tags:

account takeover / CVE-2023-7028 / GitLab / vulnerability

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Stay tuned, subscribe!

Nieuwsbrieven*

Related

OpenAI tackles open-source vulnerabilities with ‘Patch the Planet’

SAP patches vulnerabilities in NetWeaver and Commerce Cloud

Adobe patches vulnerability that steals data via PDFs

Veeam Patches Critical Vulnerabilities in Backup & Replication

Editor picks

Too dense for AC: 800V DC is coming to an AI data center near you

The growth of AI computing has significant implications on data cente...

Red Hat OpenShift tackles the tough virtualization headache

Red Hat has made huge strides in virtualization. Managing virtual mac...

Neurometric AI & LumaDock aim to slash OpenClaw inference costs 

Neurometric AI is the inference orchestration company behind ClawPack...

Alation serves up Semantic Model Mastering, it’s MDM for the semantic layer

Alation is the company we know for its data intelligence platform, de...

Techzine.tv

How HPE brought two networking giants together in under one year

How HPE brought two networking giants together in under one year

How AI agents are transforming Salesforce marketing applications

How AI agents are transforming Salesforce marketing applications

Why OpenTelemetry is winning the observability battle

Why OpenTelemetry is winning the observability battle

Why enterprises are choosing HPE for private cloud AI

Why enterprises are choosing HPE for private cloud AI

Read more on Security

Koi Security sued over alleged AI-generated report

Koi Security sued over alleged AI-generated report

A cybersecurity report allegedly compiled with the help of AI has led to a lawsuit against Palo Alto Networks...

Mels Dees 19 hours ago
Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”
Top story

Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”

Cybersecurity starts at the foundation. And in many cases, that’s the underlying architecture or code. If i...

Sander Almekinders 3 days ago
HPE iLO Security: From remote management to quantum-safe security
Top story

HPE iLO Security: From remote management to quantum-safe security

HPE's iLO management controller is far more than a remote access tool, it is the cornerstone of server securi...

Coen van Eenbergen 16 hours ago
Only a fraction of AI alerts are critical

Only a fraction of AI alerts are critical

Cybersecurity teams are facing an ever-increasing volume of security alerts, partly because attackers are usi...

Mels Dees 17 hours ago

Expert Talks

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD recently introduced the “Helios” rack-scale AI architecture, ...

Taking the right lessons from AI success stories

Taking the right lessons from AI success stories

While a lot of the current narratives around AI focus on stalled...

Why traditional security can’t protect your enterprise against AI threats

Today’s AI tools are a boon for many businesses, boosting efficienc...

Power critical workloads with all-NVMe active-active storage for non-stop enterprise operations 

Enterprise infrastructure has reached a turning point where planned d...

Tech calendar

GOTO Copenhagen 2026

September 28, 2026 TAP1, Raffinaderivej 10, 2300 København S, Denmark

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2026 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement