Skip to content
Techzine Global
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Global
  • Techzine Netherlands
  • Techzine Belgium
  • Techzine TV
  • ICTMagazine Netherlands
  • ICTMagazine Belgium
Techzine » News » Security » More than 5,000 GitLab instances still vulnerable to account takeover
2 min Security

More than 5,000 GitLab instances still vulnerable to account takeover

Floris Hulshoff PolJanuary 25, 2024 10:23 amJanuary 25, 2024 10:23 am
More than 5,000 GitLab instances still vulnerable to account takeover

5,379 GitLab instances are still at risk. These instances may be affected by the recently discovered GitLab account vulnerability. ShadowServer research shows that accounts can still be taken over.

Recently, GitLab was affected by the critical vulnerability CVE-2023-7028. GitLab has since fixed this with a patch. However, ShadowServer research shows that many users have yet to install this patch. Potential risks include supply chain attacks, disclosure of proprietary code, API key leaks and other malicious activities.

Most vulnerable instances are in the U.S., totaling 964, followed by Germany (730), Russia (721), China (503), France (298), the UK (122), India (117) and Canada (99). However, no specific breaches have been reported at the time of writing.

Een schermafbeelding van een website met een kaart van de wereld.

Features CVE-2023-7028

This vulnerability for GitLab instances allows attackers to perform a so-called zero-click attack to take control of instances.

This vulnerability allows hackers to send password reset emails for an attacked GitLab account to an email address they control. This way, they can then change the password and take over the account. However, when 2FA is enabled, this is blocked.

Fixes already released for some time

The problem occurs in GitLab Community and Enterprise Edition version 16.1 for 16.1.5, version 16.2 for 16.2.8, version 16.3 for 16.3.6, version 16.4 for 16.4.4, version 16.5 for 16.5.6, version 16.6 for 16.6.4 and version 16.7 for 16.7.2.

Two weeks ago, patches were released for versions 16.7.2, 16.5.6 and 16.6.4, as well as backporting patches for versions16.1.6, 16.2.9 and 16.3.7.

GitLab urges companies to still check their systems after implementing the updates for possible changes to their development environment, including source code and potentially modified files.

Also read: GitLab accounts vulnerable to takeover, patch available

Tags:

account takeover / CVE-2023-7028 / GitLab / instance

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Stay tuned, subscribe!

Nieuwsbrieven*

Related

Large-scale GitLab scan reveals more than 17,000 leaked secrets

Chrome vulnerability allowing account takeover fixed

More than 178,000 SonicWall firewalls vulnerable to simple DoS attack

GitLab accounts vulnerable to takeover, patch available

Editor picks

New AI runtime risks demand large-scale AI runtime telemetry

AI safety concerns are everywhere. The technology industry is claimin...

Claude Sonnet 5: not powerful enough to be blocked?

Anthropic is facing a major problem. While Fable 5—by far their mos...

As Fable 5 returns, Anthropic wants to write the frontier AI rulebook

Since the beginnings of generative AI, new state-of-the-art LLMs have...

Alation serves up Semantic Model Mastering, it’s MDM for the semantic layer

Alation is the company we know for its data intelligence platform, de...

Techzine.tv

SAP executive addresses API policy and openness concerns

SAP executive addresses API policy and openness concerns

How Nutanix is tackling multi-cloud Kubernetes and AI workloads

How Nutanix is tackling multi-cloud Kubernetes and AI workloads

AI security threats facing open source ecosystems in 2026

AI security threats facing open source ecosystems in 2026

How Mirantis helps neoclouds maximize GPU ROI with k0rdent AI

How Mirantis helps neoclouds maximize GPU ROI with k0rdent AI

Read more on Security

Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”
Top story

Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”

Cybersecurity starts at the foundation. And in many cases, that’s the underlying architecture or code. If i...

Sander Almekinders 3 days ago
Only a fraction of AI alerts are critical

Only a fraction of AI alerts are critical

Cybersecurity teams are facing an ever-increasing volume of security alerts, partly because attackers are usi...

Mels Dees 17 hours ago
HPE iLO Security: From remote management to quantum-safe security
Top story

HPE iLO Security: From remote management to quantum-safe security

HPE's iLO management controller is far more than a remote access tool, it is the cornerstone of server securi...

Coen van Eenbergen 16 hours ago
Koi Security sued over alleged AI-generated report

Koi Security sued over alleged AI-generated report

A cybersecurity report allegedly compiled with the help of AI has led to a lawsuit against Palo Alto Networks...

Mels Dees 19 hours ago

Expert Talks

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD recently introduced the “Helios” rack-scale AI architecture, ...

Taking the right lessons from AI success stories

Taking the right lessons from AI success stories

While a lot of the current narratives around AI focus on stalled...

Why traditional security can’t protect your enterprise against AI threats

Today’s AI tools are a boon for many businesses, boosting efficienc...

Power critical workloads with all-NVMe active-active storage for non-stop enterprise operations 

Enterprise infrastructure has reached a turning point where planned d...

Tech calendar

GOTO Copenhagen 2026

September 28, 2026 TAP1, Raffinaderivej 10, 2300 København S, Denmark

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2026 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement