{"vulnerability": "CVE-2023-7028", "sightings": [{"uuid": "6aa18f6a-f664-4e98-bbd9-8c837e6cb2cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-05-01T18:10:02.000000Z"}, {"uuid": "9a479756-e682-4f00-9d29-457b09999f45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "f4adb1a0-7c29-4d78-a96d-42166b023515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:59.000000Z"}, {"uuid": "4c6fbbd0-c318-4638-a44f-32997c5af67e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://bsky.app/profile/fkadibs.bsky.social/post/3lj55oc25ps27", "content": "", "creation_timestamp": "2025-02-27T05:24:48.301592Z"}, {"uuid": "fe4fd1be-1281-47a5-ac6d-f8fdd9e727af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://bsky.app/profile/darkwebinformer.bsky.social/post/3lig22ixefs2j", "content": "", "creation_timestamp": "2025-02-18T00:48:50.553092Z"}, {"uuid": "bdd159df-ec62-4891-bacd-ffea418ac340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://infosec.exchange/users/saltmyhash/statuses/114039171548967342", "content": "", "creation_timestamp": "2025-02-21T01:01:38.570930Z"}, {"uuid": "95999460-8d89-4288-b795-6be0b3df26cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:54.000000Z"}, {"uuid": "3955e2ba-e603-4716-87c9-9bd1540c09a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://bsky.app/profile/youranonbonzi.bsky.social/post/3lnzshmw6qk23", "content": "", "creation_timestamp": "2025-04-30T12:32:14.690322Z"}, {"uuid": "344c5c5b-daff-49f3-b1ca-02a0875ec98b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://bsky.app/profile/youranonbonzi.bsky.social/post/3lnzshmwgkk23", "content": "", "creation_timestamp": "2025-04-30T12:32:15.201355Z"}, {"uuid": "2fa0e3bf-26c2-47bb-a12a-080cefce11b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "e865b4eb-cbe3-4d9c-a392-93b18e332eea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://gist.github.com/Hamid-K/f4288dae3a1f2dea8905b1cf16d59c1b", "content": "", "creation_timestamp": 
"2025-10-03T16:37:38.000000Z"}, {"uuid": "f53ef73d-b13c-423c-9c33-001968ce6029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:23.000000Z"}, {"uuid": "7312cd6e-03ba-4f4f-b8c8-4558246f3e3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/gitlab_password_reset_account_takeover.rb", "content": "", "creation_timestamp": "2024-03-07T14:05:54.000000Z"}, {"uuid": "92b10d6e-01fe-49ba-8b25-517c789f3cae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1201", "content": "", "creation_timestamp": "2024-01-16T04:00:00.000000Z"}, {"uuid": "565e9483-1420-4e20-a276-ae3d23cb63d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-70285", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_07/2024", "content": "", "creation_timestamp": "2024-02-02T10:35:00.000000Z"}, {"uuid": "8fdf1e68-bbda-4343-a0d8-ce3732056efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_07/2024", "content": "", "creation_timestamp": "2024-02-02T10:35:00.000000Z"}, {"uuid": "0f27aee0-0e16-4a3d-8938-e53e8557fa59", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/fdda4963-0aa7-4d15-8a8f-969db8f304ca", "content": "", "creation_timestamp": "2025-02-28T23:49:13.272798Z"}, {"uuid": "e3732c1d-2fb4-453a-9d4b-1c01c3378ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/13e7215f-45db-4b2e-983d-9741a50e8a25", "content": "", "creation_timestamp": "2026-02-02T12:26:37.403257Z"}, {"uuid": "003db6f7-2ee6-4c3f-b50a-647b7d12c280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/itsec_news/3978", "content": "\u200b\u26a1\ufe0fZero-click \u0432 GitLab: 5 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u0443\u044e \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f GitLab \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043a\u0430\u043a \u0434\u043b\u044f Community, \u0442\u0430\u043a \u0438 \u0434\u043b\u044f Enterprise Edition \u0432 \u0446\u0435\u043b\u044f\u0445 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0440\u044f\u0434\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0441\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b DevSecOps (\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0440\u0443\u0447\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0437\u043c\u0435\u0449\u0451\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a). \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442\u0441\u044f, \u0435\u0441\u043b\u0438 \u0442\u0438\u043f \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 \u043d\u0435 \u0443\u043a\u0430\u0437\u0430\u043d \u2014 \u0437\u043d\u0430\u0447\u0438\u0442 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u0432\u0441\u0435 \u0442\u0438\u043f\u044b.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f GitLab, \u0438\u043c\u0435\u0435\u0442 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0441\u0442\u0438 (10 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS) \u0438 
\u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2023-7028 . \u042d\u0442\u043e Zero-Click \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0435\u0451 \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435, \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430, \u0447\u0442\u043e \u0438 \u0432\u0435\u0434\u0451\u0442 \u043a \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0443\u0447\u0451\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438. 
\u0415\u0441\u043b\u0438 \u043d\u0430 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u0430 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (2FA), \u043f\u0430\u0440\u043e\u043b\u044c \u043c\u043e\u0436\u043d\u043e \u0441\u0431\u0440\u043e\u0441\u0438\u0442\u044c, \u043d\u043e \u0434\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u0430 \u0432\u0441\u0451 \u0440\u0430\u0432\u043d\u043e \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0439\u0442\u0438 \u0432\u0442\u043e\u0440\u043e\u0439 \u0444\u0430\u043a\u0442\u043e\u0440 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0417\u0430\u0445\u0432\u0430\u0442 \u0443\u0447\u0451\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 GitLab \u043c\u043e\u0436\u0435\u0442 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e \u043f\u043e\u0432\u043b\u0438\u044f\u0442\u044c \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043a\u043b\u044e\u0447\u0435\u0439 API \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. 
\u0414\u0440\u0443\u0433\u043e\u0439 \u0440\u0438\u0441\u043a \u2014 \u044d\u0442\u043e \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0441\u043a\u0440\u044b\u0442\u043d\u043e \u0432\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0440\u0430\u0431\u043e\u0447\u0438\u0435 \u0441\u0440\u0435\u0434\u044b, \u043a\u043e\u0433\u0434\u0430 GitLab \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f CI/CD (\u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 \u0438 \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f).\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u00abAsterion\u00bb. 
\u041f\u043e \u0435\u0433\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u0432\u0432\u0435\u0434\u0435\u043d\u0430 \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 1 \u043c\u0430\u044f 2023 \u0433\u043e\u0434\u0430 \u0441 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 16.1.0.\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438:\n\n16.1 \u0434\u043e 16.1.5\n16.2 \u0434\u043e 16.2.8\n16.3 \u0434\u043e 16.3.6\n16.4 \u0434\u043e 16.4.4\n16.5 \u0434\u043e 16.5.6\n16.6 \u0434\u043e 16.6.4\n16.7 \u0434\u043e 16.7.2\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 GitLab 16.7.2, 16.5.6 \u0438 16.6.4, \u0438 \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u043e \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 16.1.6, 16.2.9 \u0438 16.3.7.\n\nGitLab \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442, \u0447\u0442\u043e \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2023-7028, \u043e\u0434\u043d\u0430\u043a\u043e, \u043d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0440\u044f\u0434 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0432 \u0441\u0432\u043e\u0451\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 
.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043a\u0430\u043a CVE-2023-5356 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0441\u0442\u0438 9.6 \u0438\u0437 10. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0451 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f\u043c\u0438 Slack / Mattermost, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u044b slash \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0412 Mattermost \u043a\u043e\u043c\u0430\u043d\u0434\u044b slash \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u0431\u043e\u0447\u0443\u044e \u043e\u0431\u043b\u0430\u0441\u0442\u044c, \u0430 \u0432 Slack \u043e\u043d\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u043a\u0430\u043a \u044f\u0440\u043b\u044b\u043a\u0438 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u043e\u043a\u043d\u0435 Message Composer.\n\n\u0422\u0430\u043a\u0436\u0435 \u0432 GitLab 16.7.2 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b 
\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438:\n\nCVE-2023-4812 . \u0412\u044b\u0441\u043e\u043a\u043e\u0443\u0440\u043e\u0432\u043d\u0435\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 GitLab 15.3 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 CODEOWNERS \u043f\u0443\u0442\u0451\u043c \u0432\u043d\u0435\u0441\u0435\u043d\u0438\u044f \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0432 \u0440\u0430\u043d\u0435\u0435 \u043e\u0434\u043e\u0431\u0440\u0435\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u043b\u0438\u044f\u043d\u0438\u0435.\n\nCVE-2023-6955 . 
\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0432 GitLab \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.7.2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0440\u0430\u0431\u043e\u0447\u0435\u0435 \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u043e \u0432 \u043e\u0434\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0435, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0435 \u0441 \u0430\u0433\u0435\u043d\u0442\u043e\u043c \u0438\u0437 \u0434\u0440\u0443\u0433\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b.\n\nCVE-2023-2030 . 
\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043a\u043e\u043c\u043c\u0438\u0442\u043e\u0432, \u0432\u043b\u0438\u044f\u044e\u0449\u0430\u044f \u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u0438 GitLab CE/EE \u0441 12.2 \u0438 \u0432\u044b\u0448\u0435, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u043c\u0438\u0442\u043e\u0432 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0438.\n\n\u0418\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 \u0438 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u0434\u043b\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 GitLab .\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-01-15T15:42:10.000000Z"}, {"uuid": "d5864e6f-0de4-4514-807b-a6aa1fb38212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/itsec_news/4031", "content": "\u200b\u26a1\ufe0fCVE-2023-7028: \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b \u0441 5300 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0432\u043e\u0442-\u0432\u043e\u0442 
\u0441\u0442\u0430\u043d\u0443\u0442 \u0434\u043e\u0431\u044b\u0447\u0435\u0439 \u0445\u0430\u043a\u0435\u0440\u043e\u0432\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f Zero-click \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-7028 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 10.0), \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043c\u044b \u0443\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0432 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 5 300 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430\u0445 GitLab, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 GitLab, \u0434\u0430\u043b\u0435\u043a\u043e \u043d\u0435 \u0432\u0441\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0441\u043f\u0435\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u0441\u043e\u0444\u0442.\n\n\u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0431\u0435\u0437 
\u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u0425\u0430\u043a\u0435\u0440\u044b \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u043f\u0438\u0441\u044c\u043c\u0430 \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0438\u043c\u0438 \u0430\u0434\u0440\u0435\u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b, \u0447\u0442\u043e \u0438 \u0434\u0430\u0451\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u0447\u0451\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c.\n\n\u0425\u043e\u0442\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0434\u0430\u0451\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u043e\u0439\u0442\u0438 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0443\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e (2FA), \u0434\u043b\u044f \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439, \u043d\u0435 \u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0445 \u044d\u0442\u0438\u043c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u043d\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 
\u043a\u043e\u043b\u043e\u0441\u0441\u0430\u043b\u044c\u043d\u044b\u0439 \u0440\u0438\u0441\u043a.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 GitLab Community \u0438 Enterprise Edition:\n\n16.1 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.1.5;\n16.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.2.8;\n16.3 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.3.6;\n16.4 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.4.4;\n16.5 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.5.6;\n16.6 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.6.4;\n16.7 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 16.7.2.\n\n\u0421\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b 11 \u044f\u043d\u0432\u0430\u0440\u044f. 
\u0421\u043f\u0443\u0441\u0442\u044f \u0434\u0432\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u0441\u043b\u0443\u0436\u0431\u0430 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0443\u0433\u0440\u043e\u0437 ShadowServer \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e 5379 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0430\u0445 GitLab, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430.\n\n\u0418\u0441\u0445\u043e\u0434\u044f \u0438\u0437 \u0440\u043e\u043b\u0438 GitLab \u043a\u0430\u043a \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0438 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u044d\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u0443\u0442\u0435\u0447\u043a\u0438 API-\u043a\u043b\u044e\u0447\u0435\u0439 \u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c 
Shadowserver, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0421\u043e\u0435\u0434\u0438\u043d\u0451\u043d\u043d\u044b\u0445 \u0428\u0442\u0430\u0442\u0430\u0445 (964), \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u044f (730), \u0420\u043e\u0441\u0441\u0438\u044f (721), \u041a\u0438\u0442\u0430\u0439 (503), \u0424\u0440\u0430\u043d\u0446\u0438\u044f (298), \u0412\u0435\u043b\u0438\u043a\u043e\u0431\u0440\u0438\u0442\u0430\u043d\u0438\u044f (122), \u0418\u043d\u0434\u0438\u044f (117) \u0438 \u041a\u0430\u043d\u0430\u0434\u0430 (99).\n\n\u0422\u0435, \u043a\u0442\u043e \u0435\u0449\u0451 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b \u043f\u0430\u0442\u0447\u0438, \u043c\u043e\u0433\u0443\u0442 \u0443\u0436\u0435 \u0431\u044b\u0442\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043f\u043e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b GitLab \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.\n\nGitLab \u0440\u0430\u043d\u0435\u0435 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0441\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c\u0438 
\u0441\u043e\u0432\u0435\u0442\u0430\u043c\u0438 \u043f\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044e \u0434\u043b\u044f \u0418\u0411-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432:\n\n\u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c gitlab-rails/productionjson.log \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043a \u043f\u0443\u0442\u0438 /users/password \u0441 params.value.email, \u0441\u043e\u0441\u0442\u043e\u044f\u0449\u0438\u043c \u0438\u0437 \u043c\u0430\u0441\u0441\u0438\u0432\u0430 JSON \u0441 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c\u0438 \u0430\u0434\u0440\u0435\u0441\u0430\u043c\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b;\n\n\u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c gitlab-rails/auditjson.log \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0441 meta.caller.id PasswordsController#create \u0438 target details, \u0441\u043e\u0441\u0442\u043e\u044f\u0449\u0438\u0445 \u0438\u0437 \u043c\u0430\u0441\u0441\u0438\u0432\u0430 JSON \u0441 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c\u0438 \u0430\u0434\u0440\u0435\u0441\u0430\u043c\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0448\u0438\u043c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0441\u0435 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, 
API-\u0442\u043e\u043a\u0435\u043d\u044b, \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b, \u0432 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 2FA \u043d\u0430 \u0432\u0441\u0435\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u044f\u0445 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0432 \u0441\u0440\u0435\u0434\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0434\u0435\u043b\u0430\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b.\n\n\u041d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u043a\u0430 \u043d\u0435 \u0431\u044b\u043b\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-7028, \u043d\u043e \u044d\u0442\u043e \u043d\u0435 \u0434\u043e\u043b\u0436\u043d\u043e \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u043a\u0430\u043a \u043f\u043e\u0432\u043e\u0434 \u0434\u043b\u044f \u043e\u0442\u0441\u0440\u043e\u0447\u043a\u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-01-25T13:29:21.000000Z"}, {"uuid": "c487eaad-fd49-4018-86c7-c1d3e75faaef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5652", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-7028\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n\ud83d\udccf Published: 2024-01-12T13:56:41.726Z\n\ud83d\udccf Modified: 2025-02-27T04:19:20.008Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/436084\n2. 
https://hackerone.com/reports/2293343", "creation_timestamp": "2025-02-27T05:25:23.000000Z"}, {"uuid": "a4e023c1-747c-4eda-8103-8811b8555bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17236", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-7028\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n\ud83d\udccf Published: 2024-01-12T13:56:41.726Z\n\ud83d\udccf Modified: 2025-05-22T04:10:44.571Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/436084\n2. 
https://hackerone.com/reports/2293343", "creation_timestamp": "2025-05-22T04:43:32.000000Z"}, {"uuid": "d932bd36-4a01-4861-a199-3328490537e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/3yLdPUkzTvGzyEWNPBCpgQC83oQPE_W-AYhsUBf6UEcgLrg", "content": "", "creation_timestamp": "2025-06-02T00:17:36.000000Z"}, {"uuid": "840bf6db-c983-4961-b687-913ebdd41a3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/4222", "content": "\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c \u0433\u0438\u0442\u043b\u0430\u0431\u0447\u0438\u043a\u0438 \ud83d\udc85\ud83d\udc85\ud83d\udc85\n\n\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 - GitLab 16.7.2, 16.6.4 \u0438 16.5.6, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. 
\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2023-7028), \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (10 \u0438\u0437 10), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0447\u0443\u0436\u0443\u044e \u0443\u0447\u0451\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 \u0444\u043e\u0440\u043c\u043e\u0439 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u0431\u044b\u0442\u043e\u0433\u043e \u043f\u0430\u0440\u043e\u043b\u044f. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043f\u0438\u0441\u044c\u043c\u0430 \u0441 \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043d\u0435\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u044b\u0435 email-\u0430\u0434\u0440\u0435\u0441\u0430. 
\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 GitLab 16.1.0, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u043e\u044f\u0432\u0438\u043b\u0430\u0441\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043a\u043e\u0434\u0430 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043d\u0435\u0432\u0435\u0440\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0430\u0441\u043d\u043e\u0439 email-\u0430\u0434\u0440\u0435\u0441.\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0444\u0430\u043a\u0442\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043e\u0446\u0435\u043d\u0438\u0442\u044c \u0432 \u043b\u043e\u0433\u0435 gitlab-rails/production_json.log \u043d\u0430\u043b\u0438\u0447\u0438\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043a \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0443 /users/password \u0441 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u043c\u0430\u0441\u0441\u0438\u0432\u0430 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 email \u0432 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0435 \"params.value.email\". 
\u0422\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432 \u043b\u043e\u0433\u0435 gitlab-rails/audit_json.log \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0441\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c PasswordsController#create \u0432 meta.caller.id \u0438 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u043c\u0430\u0441\u0441\u0438\u0432\u0430 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0432 \u0431\u043b\u043e\u043a\u0435 target_details. \u0410\u0442\u0430\u043a\u0430 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0434\u043e\u0432\u0435\u0434\u0435\u043d\u0430 \u0434\u043e \u043a\u043e\u043d\u0446\u0430 \u043f\u0440\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-5356 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043a\u043e\u0434\u0435 \u0434\u043b\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 \u0441 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438 Slack \u0438 Mattermost, \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c /-\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043f\u043e\u0434 \u0434\u0440\u0443\u0433\u0438\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0438\u0437-\u0437\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f 
\u0434\u043e\u043b\u0436\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 9.6 \u0438\u0437 10. \u0412 \u043d\u043e\u0432\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u0430\u0441\u043d\u0430\u044f (7.6 \u0438\u0437 10) \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2023-4812), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 CODEOWNERS \u0447\u0435\u0440\u0435\u0437 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0432 \u0440\u0430\u043d\u0435\u0435 \u043e\u0434\u043e\u0431\u0440\u0435\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u043b\u0438\u044f\u043d\u0438\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 GitLab, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u0447\u0451\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043f\u043e\u0434 \u0434\u0440\u0443\u0433\u0438\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c\nhttps://www.opennet.ru/opennews/art.shtml?num=60425\n+\n\u041e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\nhttps://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/", "creation_timestamp": 
"2024-01-12T10:15:15.000000Z"}, {"uuid": "77ba6524-4f30-433a-bc34-5507b050a509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/BleepingComputer/19304", "content": "\u200aOver 5,300 GitLab servers exposed to zero-click account takeover attacks\n\nOver 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. [...]\n\nhttps://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/", "creation_timestamp": "2024-01-24T19:18:57.000000Z"}, {"uuid": "4eca13c1-850e-437b-9996-b6e09a4ad2c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/JxyyR7DPCkvNqGXHwYf1FM_TYIK_7LUKbzPocNJOIh8q_94", "content": "", "creation_timestamp": "2025-08-05T21:00:04.000000Z"}, {"uuid": "374c88fd-d5b7-4c13-b87e-f20d772ffb21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3568", "content": "\ud83d\ude08 [ Vozec @Vozec1 ]\n\nI have implemented the latest CVE-2023-7028 to Account Take-Over on GitLab completely automatically. 
(CVSS10):\n\n\ud83d\udd17 https://github.com/Vozec/CVE-2023-7028\n\n\ud83d\udc25 [ tweet ]", "creation_timestamp": "2024-01-14T11:58:24.000000Z"}, {"uuid": "3d2018e8-e1df-43d0-965e-7967e732a362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/sanspie_notes/381", "content": "GitLab 10/10\n\nThe most critical security issue GitLab patched has the maximum severity score (10 out of 10) and is being tracked as\u00a0CVE-2023-7028. Successful exploitation does not require any interaction.\n\nhttps://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-zero-click-account-hijacking-vulnerability/", "creation_timestamp": "2024-01-12T21:36:19.000000Z"}, {"uuid": "52744059-a0e3-41d0-a28c-a615d4375519", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/alexmakus/5233", "content": "GitLab 10/10\n\nThe most critical security issue GitLab patched has the maximum severity score (10 out of 10) and is being tracked as\u00a0CVE-2023-7028. 
Successful exploitation does not require any interaction.\n\nhttps://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-zero-click-account-hijacking-vulnerability/", "creation_timestamp": "2024-01-12T20:02:03.000000Z"}, {"uuid": "8a72158c-3f56-418b-a5c7-e3c85c66b339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/kasperskyb2b/1113", "content": "\u26a1\ufe0f \u0411\u043e\u043b\u0435\u0435 5300 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 GitLab  \u0432\u0441\u0435 \u0435\u0449\u0451 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0439 \u0441\u0435\u0442\u0438. \u0418\u0437 \u043d\u0438\u0445 \u043c\u0438\u043d\u0438\u043c\u0443\u043c 700 \u2014 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \ud83d\ude1e \n\u0414\u0432\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u043f\u0440\u043e\u0448\u043b\u043e \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u0445\u043e\u0434\u0430 \u043f\u0430\u0442\u0447\u0430 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0443\u0433\u043d\u0430\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0431\u0435\u0437 \u0432\u0441\u044f\u043a\u043e\u0433\u043e \u0443\u0447\u0430\u0441\u0442\u0438\u044f \u0436\u0435\u0440\u0442\u0432\u044b (CVE-2023-7028, CVSS \u043f\u043e GitLab 10, \u0445\u043e\u0442\u044f NVD \u0432\u044b\u0434\u0430\u043b \u0432\u0441\u0435\u0433\u043e 7,5 \u043f\u043e\u043f\u0443\u0433\u0430\u0435\u0432).  
\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043f\u043e\u0434\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u044b\u0439 \u0435\u043c\u0443 \u0430\u0434\u0440\u0435\u0441 e-mail. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b GitLab \u0432 \u043e\u0431\u043e\u0438\u0445 \u0438\u0437\u0434\u0430\u043d\u0438\u044f\u0445 \u2014 \u0438 Community \u0438 Enterprise.  \n\n\u0422\u0435\u043c, \u043a\u0442\u043e \u0437\u0430 \u044d\u0442\u0438 \u0434\u0432\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 \u0442\u0430\u043a \u0438 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b GitLab, \u0442\u0435\u043f\u0435\u0440\u044c \u043d\u0443\u0436\u043d\u043e \u043d\u0435 \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u043f\u043e\u043b\u044c\u0437\u0443\u044f\u0441\u044c \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e\u043c \u043e\u0442 GitLab \u0438 \u0438\u0445 \u0436\u0435 \u0441\u043e\u0432\u0435\u0442\u0430\u043c\u0438 \u043f\u043e \u0434\u0435\u0442\u0435\u043a\u0442\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438. 
\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-01-25T20:28:04.000000Z"}, {"uuid": "d8d08164-6c57-4bd4-9df7-031a2771e50f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/26971", "content": "", "creation_timestamp": "2024-08-29T12:22:04.000000Z"}, {"uuid": "0bb621c4-d5d9-4734-babb-23f1d520e158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/53570", "content": "", "creation_timestamp": "2024-09-30T12:23:07.000000Z"}, {"uuid": "5092c90c-946c-4ec8-a607-657790c87d8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/23716", "content": "", "creation_timestamp": "2024-08-23T08:44:16.000000Z"}, {"uuid": "da55c909-5e36-45f0-a0ca-5b2e726c5728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/hydral0gs/1814", "content": "#Takeover #Gitlab #CVE\n\nCVE-2023-7028\n\n\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0420\u043e\u0421", "creation_timestamp": "2024-01-13T10:01:41.000000Z"}, {"uuid": "5da754a9-b317-49dc-81c9-03892caa223f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/hydral0gs/1808", "content": "#exploit 
(untested) \nCVE-2023-7028: Gitlab Account Takeover via Password Reset\nPoC: https://github.com/RandomRobbieBF/CVE-2023-7028", "creation_timestamp": "2024-01-12T23:59:38.000000Z"}, {"uuid": "19310c96-0c9b-45cf-a1b3-485bd9677c53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/bizone_channel/1087", "content": "\ud83e\udd65\u041f\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 GitLab vs BI.ZONE WAF\n\n12 \u044f\u043d\u0432\u0430\u0440\u044f \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u043a\u043e\u0434\u0435 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b GitLab, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u0443\u044e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u041f\u041e.\u00a0\n\n\u0414\u0432\u0435 \u0438\u0437 \u043d\u0438\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435: CVE-2023-7028 \u0438 CVE-2023-5356. 
\u0418\u0445 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS \u2014\u00a010 \u0438\u0437 10\u00a0\u0438\u00a09,8 \u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0438 \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c, \u0443 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 GitLab \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435.\n\n\ud83d\udd35CVE-2023-7028 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\u00a0\n\n\u041f\u043e\u043b\u0443\u0447\u0430\u044f \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0435 \u043a\u043e\u0434\u044b \u0438\u043b\u0438 \u0432\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0432 \u043d\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0447\u0430\u0441\u0442\u0438. \n\n\u0412\u00a0\u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 GitLab \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447\u0438 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u00a0\u0432\u0435\u0440\u0441\u0438\u044f\u0445\u00a016.5.6, 16.6.4 \u0438 16.7.2, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438\u00a016.1.6,\u00a016.2.9, 16.3.7 \u0438 16.4.5.\u00a0\n\n\ud83d\udd35\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-5356\u00a0\u043c\u043e\u0436\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c\u00a0slash-\u043a\u043e\u043c\u0430\u043d\u0434\u044b, 
\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0438\u043b\u0438 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u043a\u043e\u0434\u0430\u00a0\u0432 GitLab \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \n\n\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 \u0431\u044b\u043b\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0441 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043c\u0435\u0441\u0441\u0435\u043d\u0434\u0436\u0435\u0440\u0430\u043c\u0438 Slack \u0438\u043b\u0438 Mattermost.\u00a0\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 16.5.6, 16.6.4 \u0438 16.7.2.\u00a0\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0432 GitLab, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043c\u043e\u0433\u0443\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 
\u0431\u0438\u0437\u043d\u0435\u0441-\u043b\u043e\u0433\u0438\u043a\u0443 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\u043c\u0438 BI.ZONE WAF \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043d\u0435 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0435, \u0430 \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0443 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435", "creation_timestamp": "2024-01-18T13:11:53.000000Z"}, {"uuid": "837801de-13d9-42be-a337-7f06a23fbb22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/azFbZD67w8fVuHY5XO65_5tLGkfKB2bbucQXMoK4aHALotSw", "content": "", "creation_timestamp": "2024-10-23T09:05:29.000000Z"}, {"uuid": "8c43026b-f4a9-4ea1-a11b-a8976bb5f2a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/ppqzokearGI0VNJONVXIXcUxLMeOVTBBS1VHhjI80KY16vc", "content": "", "creation_timestamp": "2024-04-02T02:04:42.000000Z"}, {"uuid": "e02362d1-9c81-494c-8c16-5de31bece135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/yQQCrVr3DW2j2Yu0flCOol8pDSDnKs1F17zYo146g5DHew", "content": 
"", "creation_timestamp": "2024-01-20T22:51:56.000000Z"}, {"uuid": "e651a307-70ca-4b7e-b51f-944c7f5daa87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/zf_oqFdDpIN-rLXouS32bpOyG_3WGn58Bq6X282S0xgL2A", "content": "", "creation_timestamp": "2024-01-19T06:39:23.000000Z"}, {"uuid": "1fb82b14-851a-4af1-a744-11268d985f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/HelangMerahGroup/256", "content": "GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356). \n\nOne of these could allow account takeover without user interaction. \n\nFind details here: https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html", "creation_timestamp": "2024-01-12T14:46:35.000000Z"}, {"uuid": "88428a04-54de-4ce3-8e96-a7add0bfe027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/15577", "content": "", "creation_timestamp": "2024-08-11T23:59:45.000000Z"}, {"uuid": "c2c08331-2684-46a5-8d16-c4a4852ec3cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/4321", "content": "", "creation_timestamp": "2024-07-22T14:07:39.000000Z"}, {"uuid": "c36c0848-fcf6-4376-b0c5-b8985448ea7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": 
"exploited", "source": "Telegram/nYt6x_KLqbUyTy_QMFUjNzjyPRoiqAKpWKR-Ana87vxHWdU", "content": "", "creation_timestamp": "2024-05-02T09:06:19.000000Z"}, {"uuid": "3340a045-c25d-4119-9a8f-afc8072c0b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "Telegram/NRDp2ia2nCvEKR5oNEhiqebruU8T2MGScEyUCDTCMJqi1Q", "content": "", "creation_timestamp": "2024-05-02T11:54:40.000000Z"}, {"uuid": "ddba3305-9432-45b6-ada2-ede927b6d337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/12791", "content": "\ud83d\udea8CVE-2023-7028 Exploit: GitLab Password Reset Poisoning Vulnerability\n\nhttps://github.com/sariamubeen/CVE-2023-7028\n\nThis repository contains an exploit for CVE-2023-7028, a critical vulnerability in GitLab that allows an attacker to abuse the password reset functionality and take over accounts, including administrator accounts.", "creation_timestamp": "2025-02-18T01:48:33.000000Z"}, {"uuid": "f76f12e0-dca5-41ee-a1f2-a89bda5609ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/79108", "content": "", "creation_timestamp": "2024-08-11T23:59:43.000000Z"}, {"uuid": "67951716-1c18-4296-b0af-c5ef56e41da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/67713", "content": "", "creation_timestamp": "2024-07-22T14:07:38.000000Z"}, {"uuid": "c95426b3-781a-4474-a013-7465b7f76da1", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/55yV0jvsTiwNz9BrdBf5o4iqh9KwY2V_iS0iNMBF7hUinXE", "content": "", "creation_timestamp": "2024-04-02T01:00:13.000000Z"}, {"uuid": "6d6a1dd5-e068-44ec-a2d3-2195c3a54544", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/116469", "content": "", "creation_timestamp": "2024-09-30T12:23:06.000000Z"}, {"uuid": "b6943194-61aa-4241-9910-45bff72cd7e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/90539", "content": "", "creation_timestamp": "2024-08-29T12:22:02.000000Z"}, {"uuid": "3ac6fb54-78a9-4719-9929-7cb05b5e2370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/87266", "content": "", "creation_timestamp": "2024-08-23T08:44:15.000000Z"}, {"uuid": "563d2cbd-ebe4-49a4-b840-ae90384d15ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/9WcFVdGdjmSGOuyvlCQumGe3dx-1o6uFfrp4zmAh3Am-O4O-", "content": "", "creation_timestamp": "2024-10-30T21:13:12.000000Z"}, {"uuid": "c356be56-98f3-4fdb-9bf9-e02c4078ac3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", 
"type": "published-proof-of-concept", "source": "Telegram/JOQ34GT-BFXdJbYThW4Av_tdBmO-u9pcMqxAechz_uAnqG-l", "content": "", "creation_timestamp": "2024-10-23T05:43:29.000000Z"}, {"uuid": "6de04f27-9163-4c7a-8229-b26b4e81ca8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/3DdCdy7Snqa5m7P2YPjaAQX-v45Qe1pltgEDl1gjB8M22zE", "content": "", "creation_timestamp": "2024-08-29T12:22:12.000000Z"}, {"uuid": "36d3a3bd-66e8-4f2d-a29f-db53ed56abb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/6746", "content": "The Hacker News\nCISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has&nbsp;added&nbsp;a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.\nTracked as&nbsp;CVE-2023-7028&nbsp;(CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email", "creation_timestamp": "2024-05-02T11:54:41.000000Z"}, {"uuid": "af839a61-db12-47b7-9761-f5b1d52a0dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/ihdACpsIvXokufokDNlu70eag1gsniAZ5r1VxH4gaxe4aAM", "content": "", "creation_timestamp": "2024-08-23T08:44:36.000000Z"}, {"uuid": "8ec1bc8d-d184-499a-9151-c7c6262c3500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", 
"source": "https://t.me/tengkorakcybercrewz/3113", "content": "GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356). \n\nOne of these could allow account takeover without user interaction. \n\nFind details here: https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html", "creation_timestamp": "2024-01-13T01:40:22.000000Z"}, {"uuid": "a1bd34e5-63b0-4aa2-9e7c-bbc6425b6182", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/darkcommunityofficial/307", "content": "\ud83d\udea8Alert\ud83d\udea8 CVE-2023-7028&amp;5356 GitLab Addresses Account Takeover &amp; Command Flaws \n\nAccount Takeover via Password Reset without user interactions\n\nA critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords.\n\nuser[email][]=valid@email.com&amp;user[email][]=attacker@email.com \n\n-PWNED \ud83d\ude0e\n\nhttps://github.com/Vozec/CVE-2023-7028\n\nExploit Guys \ud83d\ude02", "creation_timestamp": "2024-01-14T08:35:24.000000Z"}, {"uuid": "48be82a1-ea6f-461e-b724-19a2b527b6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/fWkOBqlVLX7aVon9gCp8JFJaXumaZln406hjYpiEuceC4wU", "content": "", "creation_timestamp": "2024-08-12T00:01:06.000000Z"}, {"uuid": "94a2314f-fe22-4496-bce2-c3b637800c2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/arpsyndicate/2765", "content": "#ExploitObserverAlert\n\nCVE-2023-7028\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file 
formats related to CVE-2023-7028. An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. \n\nGITLAB-IS: 10.0", "creation_timestamp": "2024-01-15T07:22:26.000000Z"}, {"uuid": "95f057af-f08f-421c-9a07-3dbb3feb8554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/kL8FcrtGJ8rFpt_Mls7srgCQKayt2RXHtjYV9mhN43DJ38g", "content": "", "creation_timestamp": "2024-07-22T14:09:52.000000Z"}, {"uuid": "5f51eddb-954b-4e00-88ed-b66f03441cf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/j_b9XaHEWNrRVQl0KUf5sq5MBMEv3mE0NFsS09BSklI5hUs", "content": "", "creation_timestamp": "2024-09-30T12:22:40.000000Z"}, {"uuid": "f4b9461f-7823-4fad-b353-4deb6de27e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/EaJ6qmGouFArebEaKTCTEzLYt-kmduy8tMNctF-F6lchMb-B", "content": "", "creation_timestamp": "2024-10-30T21:13:13.000000Z"}, {"uuid": "e952c1db-e888-426e-8287-e99611200ad7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/TVsPq2MDTl1yV1Db1tt2IT5qS-ITA703MVWoa35-e3srEN5q", "content": "", "creation_timestamp": "2024-10-23T05:43:29.000000Z"}, {"uuid": 
"bf011825-73a3-4f56-9b7e-369749030ea9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/22155", "content": "CVE-2023-7028 | Account-Take-Over Gitlab\n*\nusage:\npython3 ./CVE-2023-7028.py -u https://gitlab.example.com/ -t my.target@example.com\n\n#gitlab", "creation_timestamp": "2024-04-24T18:14:40.000000Z"}, {"uuid": "e24b7f5f-2d4b-4d62-9777-5631135821d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/10978", "content": "CVE-2023-7028 | Account-Take-Over Gitlab\n*\nusage:\npython3 ./CVE-2023-7028.py -u https://gitlab.example.com/ -t my.target@example.com\n\n#gitlab", "creation_timestamp": "2024-04-02T01:00:14.000000Z"}, {"uuid": "17b00fcd-40ea-4244-afb6-207cef837013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "Telegram/5jJwj9L8yrtZd9NmebXveFxXHfE6TTH3WPfRbLcdXrBCHg", "content": "", "creation_timestamp": "2024-05-02T11:55:02.000000Z"}, {"uuid": "8f95e2b3-260f-4aed-8874-45f5dfc2b07c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/13344", "content": "CVE-2023-7028 | Account-Take-Over Gitlab\n*\nusage:\npython3 ./CVE-2023-7028.py -u https://gitlab.example.com/ -t my.target@example.com\n\n#gitlab", "creation_timestamp": "2024-04-02T02:04:43.000000Z"}, {"uuid": "81958505-64d2-4906-86eb-7a4369a549ea", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/zWxo3Cw-L0j3i9i10z7EXj-lbVa_cnBBNr2aEThsuVOglds", "content": "", "creation_timestamp": "2024-08-21T12:19:15.000000Z"}, {"uuid": "f5265a74-10c1-435b-8b16-7988c758cccc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/1254", "content": "The Hacker News\nCISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has&nbsp;added&nbsp;a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.\nTracked as&nbsp;CVE-2023-7028&nbsp;(CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email", "creation_timestamp": "2024-05-02T11:54:41.000000Z"}, {"uuid": "20cdb4c4-2202-4734-9044-d4581f318dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/271", "content": "GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356). \n\nOne of these could allow account takeover without user interaction. 
\n\nFind details here: https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html", "creation_timestamp": "2024-01-13T01:40:22.000000Z"}, {"uuid": "4645895d-e867-4e60-93da-fd5c4a705504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://t.me/KomunitiSiber/1877", "content": "CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability\nhttps://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has\u00a0added\u00a0a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.\nTracked as\u00a0CVE-2023-7028\u00a0(CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email", "creation_timestamp": "2024-05-02T09:18:22.000000Z"}, {"uuid": "f67614d2-55ee-4328-b139-09e8c789d0d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/leak_db2/1667", "content": "#CVE-2023-7028\n\nGitlab Account Takeover via Password Reset\n\nPoC: https://github.com/RandomRobbieBF/CVE-2023-7028\n\n@leak_db2", "creation_timestamp": "2024-01-17T19:41:43.000000Z"}, {"uuid": "73c797e7-f2c5-4f12-b890-0a075ea8e941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1876", "content": "CVE-2023-7028 | Account-Take-Over Gitlab\n*\nusage:\npython3 ./CVE-2023-7028.py -u https://gitlab.example.com/ -t my.target@example.com\n\n#gitlab", "creation_timestamp": 
"2024-01-19T05:11:39.000000Z"}, {"uuid": "cf109f8e-c2e5-4a74-aa6c-575a20be991e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "Telegram/G4oHXT0CbUhaieR2DEz1DSwvuL9Uz23v7uaskNGbaWBczg", "content": "", "creation_timestamp": "2024-01-13T10:01:41.000000Z"}, {"uuid": "57a84837-7aca-471a-9753-871290a82c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/6TsFp5lmfvJN0KwTbSegTeq8oGtYwZKHrTDbuzHIaRR-0Q", "content": "", "creation_timestamp": "2024-01-13T00:00:40.000000Z"}, {"uuid": "d4599bb6-6d20-4ba2-8d86-a0fd6a4782a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/tI6uyoyhLPxHdfFOPEX2RW7yojte581e2AXplmsWkhCgww", "content": "", "creation_timestamp": "2024-01-12T23:59:38.000000Z"}, {"uuid": "b4d3ca21-fbf0-4236-9bd4-9770b8a659f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "Telegram/jdeJ-PY3xLzzMopLAJT_yvwQDwEdof5zlLKpiD_UCh4Kmtk", "content": "", "creation_timestamp": "2024-01-29T22:25:51.000000Z"}, {"uuid": "5ea1ecf2-263d-49de-969a-2230d649d72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/hgU9ujmtnHkTL0pqRxwK3Xr_oDL2zlBBcW8VphhPJ1cj5cA", "content": "", "creation_timestamp": "2024-03-14T06:22:05.000000Z"}, {"uuid": "5e440e58-ea39-468e-b931-26be744f5997", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "Telegram/TZnxel0ze_9e1xax33fp3-XhrukGqyG-p76NNTOaGqqh840", "content": "", "creation_timestamp": "2024-01-16T13:03:17.000000Z"}, {"uuid": "87131588-3116-46c5-ba3d-a587ad4266be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6428", "content": "GitLab CVE-2023-7028 - Uncover account takeover potential with a simple password reset method.\n\nKnown POC:\nuser[email][]=valid@email.com&amp;user[email][]=attacker@email.com\n\nIdentifying vulnerable targets:\n\n1. Utilize the nuclei template to spot exposed Gitlab Instances.\nhttps://github.com/projectdiscovery/nuclei-templates/blob/72b74d91bc48c8e7255c9974c3969684c451932a/http/exposed-panels/gitlab-detect.yaml#L20\n\n2. Hunt for potentially valid victim org emails through various sources. An effortless choice\nhttps://app.snov.io/login?name=example%5B.%5Dcom&amp;tab=emails\n\n3. Install and execute the Python script https://github.com/RandomRobbieBF/CVE-2023-7028 on these hosts. 
If the target is vulnerable you'll likely receive an email on your attacker-controlled server.\n\nUsage:\n\nCVE-2023-7028.py -u URL -v victim@example.com -a attacker@grayhats.com\n\n#BugBounty #recon #bugbountytip #grayhats", "creation_timestamp": "2024-02-08T10:05:33.000000Z"}, {"uuid": "74c1a06d-b309-4849-b569-05734af8eb35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/CyberSecurityIL/37011", "content": "\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d1\u05d2\u05d9\u05d8\u05dc\u05d0\u05d1 \u05e2\u05dd \u05e8\u05de\u05ea \u05e1\u05d9\u05db\u05d5\u05df 10.0 \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05ea\u05d5\u05e7\u05e4\u05d9\u05dd \u05dc\u05d2\u05e0\u05d5\u05d1 \u05d0\u05ea \u05d4\u05d1\u05e2\u05dc\u05d5\u05ea \u05e2\u05dc \u05d4\u05d7\u05e9\u05d1\u05d5\u05df \u05e9\u05dc\u05db\u05dd.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 CVE-2023-7028 \u05ea\u05d5\u05e7\u05e0\u05d4 \u05db\u05d1\u05e8 \u05dc\u05e4\u05e0\u05d9 \u05e9\u05d1\u05d5\u05e2\u05d9\u05d9\u05dd, \u05d0\u05d1\u05dc \u05e2\u05d3\u05d9\u05d9\u05df \u05d9\u05e9 \u05d1\u05e2\u05d5\u05dc\u05dd \u05de\u05e2\u05dc 5,000 \u05de\u05de\u05e9\u05e7\u05d9 \u05d4\u05d6\u05d3\u05d4\u05d5\u05ea \u05dc\u05d2\u05d9\u05d8\u05dc\u05d0\u05d1 \u05e9\u05d7\u05e9\u05d5\u05e4\u05d9\u05dd \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4.\n\n\u05d0\u05d2\u05d1, \u05d1\u05d1\u05d3\u05d9\u05e7\u05d4 \u05e7\u05e6\u05e8\u05d4 \u05e0\u05e8\u05d0\u05d4 \u05e9\u05d1\u05d9\u05e9\u05e8\u05d0\u05dc \u05d9\u05e9 11 \u05de\u05de\u05e9\u05e7\u05d9 \u05d2\u05d9\u05d8\u05dc\u05d0\u05d1 \u05e9\u05d6\u05de\u05d9\u05e0\u05d9\u05dd \u05d1\u05d2\u05d9\u05e9\u05d4 \u05de\u05e8\u05d7\u05d5\u05e7 (\u05d0\u05e0\u05d9 \u05dc\u05d0 \u05d1\u05d8\u05d5\u05d7 \u05e9\u05d4\u05dd \u05e4\u05d2\u05d9\u05e2\u05d9\u05dd \u05d0\u05d1\u05dc \u05d7\u05e9\u05d5\u05d1 \u05dc\u05d1\u05d3\u05d5\u05e7 \u05d0\u05dd \u05d9\u05e9 
\u05e6\u05d5\u05e8\u05da \u05e9\u05d4\u05de\u05de\u05e9\u05e7\u05d9\u05dd \u05e9\u05dc\u05db\u05dd \u05d9\u05d4\u05d9\u05d5 \u05e4\u05ea\u05d5\u05d7\u05d9\u05dd \u05d1\u05d0\u05d5\u05e4\u05df \u05db\u05d6\u05d4).\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d0\u05d2\u05d1, \u05e4\u05d5\u05e8\u05e1\u05de\u05d4 \u05d1\u05e4\u05d9\u05d3 \u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea \u05d1-12.1.24\n\nhttps://t.me/CyberSecurityIL/4499", "creation_timestamp": "2024-01-26T09:03:27.000000Z"}, {"uuid": "14c75e65-cdde-4f5d-98d8-89d0add74f0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/true_secator/5356", "content": "GitLab \u0432\u043d\u043e\u0432\u044c \u0440\u0430\u043f\u043e\u0440\u0442\u0443\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043d\u043e\u0432\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Community Edition (CE) \u0438 Enterprise Edition (EE) \u043f\u043e\u0441\u043b\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 10-\u0442\u0438 \u0431\u0430\u043b\u044c\u043d\u043e\u0439 CVE-2023-7028.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-0402 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,9 \u0438\u0437 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0445 10.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 16.0 \u0434\u043e 16.5.8, \u043e\u0442 16.6 \u0434\u043e 16.6.6, \u043e\u0442 16.7 \u0434\u043e 16.7.4 \u0438 \u043e\u0442 16.8 \u0434\u043e 
16.8.1.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0441\u0442\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 GitLab \u043f\u0440\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u0440\u0430\u0431\u043e\u0447\u0435\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 \u0431\u044b\u043b\u0438 \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 16.5.8, 16.6.6, 16.7.4 \u0438 16.8.1.\n\n\u0422\u0430\u043a\u0436\u0435 GitLab \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0447\u0435\u0442\u044b\u0440\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0439 (ReDoS), \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e HTML \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e 
\u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e \u0430\u0434\u0440\u0435\u0441\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0447\u0435\u0440\u0435\u0437 RSS-\u043a\u0430\u043d\u0430\u043b \u0442\u0435\u0433\u043e\u0432.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0447\u0442\u043e\u0431\u044b \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0438\u0441\u043a\u0438.\n\n\u0412 \u0441\u0440\u0435\u0434\u0430\u0445 GitLab.com \u0438 GitLab Dedicated \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0432\u0435\u0440\u0441\u0438\u044f.", "creation_timestamp": "2024-01-31T10:52:17.000000Z"}, {"uuid": "b9244f51-af83-4abb-bf50-9e0054dfe824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/true_secator/5333", "content": "\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 0-click CVE-2023-7028 \u0441 CVSS: 10,0, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 
\u0437\u0430\u0445\u0432\u0430\u0442\u043e\u043c \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 GitLab, \u0431\u043e\u043b\u0435\u0435 5300 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430 \u0430\u0434\u0440\u0435\u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0435\u043c\u0443 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u0430 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c 2FA, \u043d\u043e \u0442\u0435\u043c \u043d\u0435 
\u043c\u0435\u043d\u0435\u0435 \u043e\u043d\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0440\u0438\u0441\u043a \u0434\u043b\u044f \u043b\u044e\u0431\u044b\u0445 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0445  \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439, \u0438 \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u044f \u0440\u0438\u0441\u043a\u0443 \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u043f\u0440\u043e\u043f\u0440\u0438\u0435\u0442\u0430\u0440\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u0443\u0442\u0435\u0447\u043a\u0438 \u043a\u043b\u044e\u0447\u0435\u0439 API \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 GitLab Community \u0438 Enterprise Edition \u0432\u0435\u0440\u0441\u0438\u0439 16.1 \u0434\u043e 16.1.5, 16.2 \u0434\u043e 16.2.8, 16.3 \u0434\u043e 16.3.6, 16.4 \u0434\u043e 16.4.4, 16.5 \u0434\u043e 16.5.6, 16.6 \u0434\u043e 16.6.4 \u0438 16.7 \u0434\u043e 16.7.2. 
11 \u044f\u043d\u0432\u0430\u0440\u044f 2024 \u0433\u043e\u0434\u0430\u00a0GitLab \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0418 \u0441\u043f\u0443\u0441\u0442\u044f 13 \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, ShadowServer \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 5379 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 GitLab.\n\n\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u0421\u0428\u0410 (964), \u0437\u0430 \u043d\u0438\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u044f (730), \u0420\u043e\u0441\u0441\u0438\u044f (721), \u041a\u0438\u0442\u0430\u0439 (503), \u0424\u0440\u0430\u043d\u0446\u0438\u044f (298), \u0412\u0435\u043b\u0438\u043a\u043e\u0431\u0440\u0438\u0442\u0430\u043d\u0438\u044f (122), \u0418\u043d\u0434\u0438\u044f (117), \u0438 \u041a\u0430\u043d\u0430\u0434\u0430 (99).\n\n\u0412\u0441\u0435\u043c, \u043a\u0442\u043e \u0435\u0449\u0435 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b \u043f\u0430\u0442\u0447, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u043e\u043d\u0438\u043c\u0430\u0442\u044c, \u0447\u0442\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u043e\u043d\u0438 \u0443\u0436\u0435 \u0431\u044b\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043a\u0440\u0430\u0439\u043d\u0435 
\u0432\u0430\u0436\u043d\u043e \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0443 GitLab \u043f\u043e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0438 \u0432\u044b\u044f\u0432\u043b\u044f\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.\n\n\u0420\u0430\u043d\u0435\u0435 GitLab \u0442\u0430\u043a\u0436\u0435 \u0434\u0435\u043b\u0438\u043b\u0441\u044f \u0441\u043e\u0432\u0435\u0442\u0430\u043c\u0438 \u043f\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044e.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0448\u0438\u043c \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0441\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u0442\u043e\u043a\u0435\u043d\u044b API, \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0438 \u043b\u044e\u0431\u044b\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c 2FA \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u043b\u0436\u043d\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f 
\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0432 \u0441\u0432\u043e\u0435\u0439 \u0441\u0440\u0435\u0434\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0420\u0430\u0434\u0443\u0435\u0442 \u043b\u0438\u0448\u044c \u0442\u043e, \u0447\u0442\u043e \u043d\u0430 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u043d\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2023-7028 \u043d\u0435 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043e, \u043d\u043e \u044d\u0442\u043e \u043d\u0435 \u043f\u043e\u0432\u043e\u0434, \u0447\u0442\u043e\u0431\u044b \u043e\u0442\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440.", "creation_timestamp": "2024-01-25T11:20:04.000000Z"}, {"uuid": "3ca92ac1-2fda-46a2-aa39-1cb5279f5c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/true_secator/5292", "content": "GitLab \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f 
\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 DevSecOps.\n\n\u041e\u0434\u0438\u043d \u0438\u0437 \u0431\u0430\u0433\u043e\u0432 \u0432\u044b\u0431\u0438\u043b \u0441\u0442\u0440\u0430\u0439\u043a \u043f\u043e CVSS \u0438 \u0438\u043c\u0435\u0435\u0442 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u0431\u0430\u043b\u043b \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 10 \u0438\u0437 10, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2023-7028, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0441\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435, \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 
\u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b.\n\n\u042d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430 \u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\u043c \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0414\u0440\u0443\u0433\u0438\u043c \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0435\u043c \u043c\u043e\u0436\u0435\u0442 \u043e\u043a\u0430\u0437\u0430\u0442\u044c\u0441\u044f \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0432\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0436\u0438\u0432\u044b\u0435 \u0441\u0440\u0435\u0434\u044b, \u0433\u0434\u0435 GitLab \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f CI/CD.\n\n\u0412\u0442\u043e\u0440\u0430\u044f 
\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, CVE-2023-5356, \u0438\u043c\u0435\u0435\u0442 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 9,6 \u0438\u0437 10, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0435\u0439 Slack/Mattermost, \u0433\u0434\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043f\u043e\u0441\u043e\u0431\u0435\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u043e\u0448\u0438\u0431\u043a\u0443 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u043b\u044d\u0448-\u043a\u043e\u043c\u0430\u043d\u0434 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e GitLab \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0442\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 IOC \u0438 \u043d\u0430\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043b\u0430 
\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0438\u0437 \u043a\u043e\u0440\u043e\u0431\u043a\u0438, \u043d\u043e \u0434\u043b\u044f \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0442\u0438\u043f\u043e\u0432 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0440\u0443\u0447\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u0412\u043c\u0435\u0441\u0442\u0435 \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u043c\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a CVE-2023-4812, CVE-2023-6955 \u0438 CVE-2023-2030, \u043f\u0443\u0441\u0442\u044c \u0438 \u0441 \u0431\u043e\u043b\u0435\u0435 \u043d\u0438\u0437\u043a\u0438\u043c\u0438 \u043e\u0446\u0435\u043d\u043a\u0430\u043c\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043d\u043e \u0432\u0441\u0435 \u0436\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.", "creation_timestamp": "2024-01-15T16:20:06.000000Z"}, {"uuid": 
"504e175a-3df2-464f-9ecb-f3998bd8e53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://t.me/true_secator/5697", "content": "\u0411\u043e\u043b\u0435\u0435 1400 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 GitLab, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0447\u0435\u0442\u0432\u0435\u0440\u0442\u044c \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043d\u0430 \u0440\u0443, \u0440\u0438\u0441\u043a\u0443\u044e\u0442 \u0441\u0442\u0430\u0442\u044c \u0447\u0430\u0441\u0442\u044c\u044e \u043d\u0430\u043c\u0435\u0442\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043c\u0443\u2026\u0432, \u043e\u0441\u0442\u0430\u0432\u0430\u044f\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 CVE-2023-7028 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 10/10.\n\nGitLab \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430\u00a0\u043e\u0448\u0438\u0431\u043a\u0443 \u0435\u0449\u0435 \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2024 \u0433\u043e\u0434\u0430, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0432, \u0447\u0442\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b \u0432\u0435\u0440\u0441\u0438\u0438 GitLab Community Edition (CE) \u0438 Enterprise Edition (EE) \u0441 16.1 \u043f\u043e 16.7.1.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 16.5.6, 16.6.4 \u0438 16.7.2 \u0438 \u043f\u0435\u0440\u0435\u043d\u0435\u0441\u0435\u043d\u044b \u0432 16.1.6, 16.2.9, 16.3.7 \u0438 16.4.5.\n\nCVE-2023-7028 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 
\u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0441\u043e \u0441\u0431\u0440\u043e\u0441\u043e\u043c \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043a\u0440\u0435\u0434\u044b \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0438\u0441\u044f\u043c\u0438.\n\n\u0415\u0441\u043b\u0438 \u043d\u0430 \u0442\u043e\u0442 \u043c\u043e\u043c\u0435\u043d\u0442 GitLab \u043d\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2023-7028, \u0442\u043e \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0439 \u0440\u0435\u0433\u0443\u043b\u044f\u0442\u043e\u0440 \u043d\u0430 \u0434\u043d\u044f\u0445 \u0440\u0430\u043f\u043e\u0440\u0442\u043e\u0432\u0430\u043b \u043e \u043d\u0430\u0447\u0430\u043b\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u0434\u043e\u0431\u0430\u0432\u0438\u0432 CVE \u0432 \u0441\u0432\u043e\u0439 \u0441\u043f\u0438\u0441\u043e\u043a (KEV).\n\n\u041a\u043e\u043d\u0435\u0447\u043d\u043e, \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 \u044f\u043d\u0432\u0430\u0440\u0441\u043a\u0438\u043c \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u043c \u0432 5300 
\u0447\u0438\u0441\u043b\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 GitLab \u0441\u043e\u043a\u0440\u0430\u0442\u0438\u043b\u043e\u0441\u044c \u0434\u043e 1400, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043d\u043e\u0432\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c\u00a0Shadowserver, \u043d\u043e \u0432\u0441\u0435 \u0436\u0435 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043b\u0438\u0447\u043d\u044b\u0439 \u0437\u0430\u0434\u0435\u043b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041a\u0442\u043e \u0435\u0449\u0435 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b \u043f\u0430\u0442\u0447, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0443\u0436\u0435 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0443 GitLab \u043f\u043e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b\u00a0\u0438 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.", "creation_timestamp": "2024-05-03T13:23:08.000000Z"}, {"uuid": "2f249593-9c21-4bd4-a47e-318776b83785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/DailyToolz/1110", "content": "#CVE-2023-7028: #Gitlab Account Takeover via Password Reset \n \nPoC: https://github.com/RandomRobbieBF/CVE-2023-7028\n- @DailyToolz", "creation_timestamp": "2024-01-16T16:00:24.000000Z"}, {"uuid": "b92ab1c4-2828-48ad-b247-ce7eb17ba25c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/ctinow/168216", "content": "https://ift.tt/hxOadXf\nCVE-2023-7028 | GitLab Community Edition/Enterprise Edition up to 16.7.1 Password Reset unknown vulnerability", "creation_timestamp": "2024-01-15T08:41:17.000000Z"}, {"uuid": "bd429b49-afd0-456a-be3a-843b9926839f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/ctinow/167659", "content": "https://ift.tt/bOoGFjg\nCVE-2023-7028 Exploit", "creation_timestamp": "2024-01-13T03:16:24.000000Z"}, {"uuid": "1103bfb6-3585-450e-903d-3bf0f5ee88c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/ctinow/167318", "content": "https://ift.tt/AJGfWOH\nCVE-2023-7028", "creation_timestamp": "2024-01-12T15:26:37.000000Z"}, {"uuid": "2120cd63-7703-459d-a062-0ac1c2ad9583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/ctinow/167227", "content": "https://ift.tt/PlBoZxw\nCritical GitLab flaw allows account takeover without user interaction, patch quickly! 
(CVE-2023-7028)", "creation_timestamp": "2024-01-12T12:51:42.000000Z"}, {"uuid": "f0730107-612d-4dcb-99d0-75685252b658", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://t.me/information_security_channel/51403", "content": "Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug\nhttps://www.securityweek.com/thousands-of-gitlab-instances-unpatched-against-critical-password-reset-bug/\n\nOver 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability.\nThe post Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug (https://www.securityweek.com/thousands-of-gitlab-instances-unpatched-against-critical-password-reset-bug/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-01-25T15:49:52.000000Z"}, {"uuid": "d9f0e07f-15f9-45cf-bd89-e1eb98157f0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/thehackernews/4393", "content": "GitLab users, beware! Security updates released to address critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356). \n \nOne of these could allow account takeover without user interaction. \n \nFind details here: https://thehackernews.com/2024/01/urgent-gitlab-releases-patch-for.html", "creation_timestamp": "2024-01-12T14:16:39.000000Z"}, {"uuid": "3a99a1a0-12b8-4819-8acc-79d2e6f26141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://t.me/thehackernews/4900", "content": "\ud83d\udea8 Attention GitLab users! 
\n \nA critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses. \n \nRead details: https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html \n \nUpdate to the latest patched versions immediately.", "creation_timestamp": "2024-05-02T08:18:52.000000Z"}, {"uuid": "c2dfe78e-424c-4088-a8d5-5cdbe8953248", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "exploited", "source": "https://t.me/xakep_ru/15295", "content": "\u0411\u043e\u043b\u0435\u0435 5300 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 GitLab \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043f\u0435\u0440\u0435\u0434 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0431\u043e\u043b\u0435\u0435 5300 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a GitLab, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0432 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435, \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043f\u0435\u0440\u0435\u0434 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 CVE-2023-7028, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u0437\u0430\u0445\u0432\u0430\u0442\u043e\u043c \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 
\u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435.\n\nhttps://xakep.ru/2024/01/25/cve-2023-7028-gitlab/", "creation_timestamp": "2024-01-25T19:51:51.000000Z"}, {"uuid": "e101152a-1090-4a72-a740-dda93a9df561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/webpwn/358", "content": "#gitlab\n\n\u0417\u0430\u0431\u0430\u0432\u043d\u0430\u044f \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Gitlab -  CVE-2023-7028\n\n\u041c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u043f\u043e\u0447\u0442\u0443 \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u044f, \u043f\u0435\u0440\u0435\u0434\u0430\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0432 \u043d\u0443\u043b\u0435\u0432\u043e\u043c \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0435 \u043c\u0430\u0441\u0441\u0438\u0432\u0430 \u0431\u0443\u0434\u0435\u0442 \u0432\u0430\u043b\u0438\u0434\u043d\u044b\u0439 email, \u0430 \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c - \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\nPoC:\n\nuser[email][]=valid@email.com&amp;user[email][]=attacker@email.com\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0444\u0430\u043a\u0442\u043e\u0432 
\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043e\u0446\u0435\u043d\u0438\u0442\u044c \u0432 \u043b\u043e\u0433\u0435 gitlab-rails/production_json.log \u043d\u0430\u043b\u0438\u0447\u0438\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043a \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0443 /users/password \u0441 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u043c\u0430\u0441\u0441\u0438\u0432\u0430 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 email \u0432 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0435 \"`params.value.email`\". \u0422\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432 \u043b\u043e\u0433\u0435 gitlab-rails/audit_json.log \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u0441\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c PasswordsController#create \u0432 meta.caller.id \u0438 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u043c\u0430\u0441\u0441\u0438\u0432\u0430 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0432 \u0431\u043b\u043e\u043a\u0435 target_details. 
\u0410\u0442\u0430\u043a\u0430 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0434\u043e\u0432\u0435\u0434\u0435\u043d\u0430 \u0434\u043e \u043a\u043e\u043d\u0446\u0430 \u043f\u0440\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 GitLab 16.1.0, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043f\u043e\u044f\u0432\u0438\u043b\u0430\u0441\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043a\u043e\u0434\u0430 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043d\u0435\u0432\u0435\u0440\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0430\u0441\u043d\u043e\u0439 email-\u0430\u0434\u0440\u0435\u0441.\n\n&gt;", "creation_timestamp": "2024-02-29T17:05:05.000000Z"}, {"uuid": "a16698b8-d9cf-48af-b993-30370b1a7380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9040", "content": "Walkthrough of CVE-2023-7028 - Account Takeover via Password Reset\n\nhttps://youtu.be/ydg95R2QKwM?si=67uHSktsboqAoNft", "creation_timestamp": "2024-08-19T08:51:00.000000Z"}, {"uuid": "7aff1688-f944-4c09-9cb6-c4c01826a508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1833", "content": "https://github.com/V1lu0/CVE-2023-7028\n\n#github #poc", "creation_timestamp": "2024-01-12T17:03:19.000000Z"}, {"uuid": "95a129f4-4795-459c-82b1-e6b795e3fcd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/S_E_Reborn/4413", "content": "\u041a\u0443\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 GitLab - \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0430\u0440\u043e\u043b\u044f \u043e\u0442 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430 \u043d\u0430 \u043b\u0435\u0432\u044b\u0439 email (CVE-2023-7028). \ud83e\udd26\u200d\u2642\ufe0f\ud83d\ude42 \u0423\u044f\u0437\u0432\u0438\u043c\u044b \u0432\u0435\u0440\u0441\u0438\u0438 GitLab CE/EE \u0441 16.1.0. CVSS 10. 
\u041f\u0430\u0442\u0447\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b.\n\n\"\u041a\u0430\u043a \u044d\u0442\u043e \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e?\n\n\u0412 \u0432\u0435\u0440\u0441\u0438\u0438 16.1.0 \u0431\u044b\u043b\u043e \u0432\u043d\u0435\u0441\u0435\u043d\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0439 \u043f\u0430\u0440\u043e\u043b\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0430\u0434\u0440\u0435\u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0432\u0435\u0440\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b.\" \n\n\u0412 \u043c\u0438\u043a\u0440\u043e\u0431\u043b\u043e\u0433\u0430\u0445 \u043f\u0438\u0448\u0443\u0442, \u0447\u0442\u043e PoC \u0431\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0442\u0430\u043a\u043e\u0439: \n\nuser[email][]=valid@email.com&amp;user[email][]=attacker@email.com\n\nupd. 
\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u043d\u0430 GitHub\n\n\"\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0443 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f, \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430 \u043f\u0430\u0440\u043e\u043b\u044f, \u043d\u043e \u043d\u0435 \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0442\u043e\u0440\u043e\u0439 \u0444\u0430\u043a\u0442\u043e\u0440 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\"\n\n\u0414\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043a\u0430 \u0440\u0443\u043b\u0438\u0442. GitLab - \u0440\u0435\u0448\u0435\u0442\u043e. \ud83d\ude42 \n\n@avleonovrus #GitLab", "creation_timestamp": "2024-01-16T19:27:36.000000Z"}, {"uuid": "330011b3-6b7c-4b55-9e6a-ccd03344bff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9775", "content": "#exploit\n1. CVE-2024-20656:\nLPE in Visual Studio StandardCollectorService150 Service\nhttps://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service\n]-&gt; PoC: https://github.com/Wh04m1001/CVE-2024-20656\n\n2. 
CVE-2023-7028:\nAccount-Take-Over Gitlab\nhttps://github.com/Vozec/CVE-2023-7028", "creation_timestamp": "2024-01-13T14:48:20.000000Z"}, {"uuid": "31d6dad7-fa11-4492-ba43-04db64b6dae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/LearnExploit/6001", "content": "CVE-2023-7028 - GitLab CE/EE Account Takeover via Password Reset without user interactions \n\nHunter query: `product.name=\"Gitlab\"`\n\nHunter\n\n#hunter \n\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-01-12T14:50:12.000000Z"}, {"uuid": "2d8df64b-4867-4303-bb82-9ff64c128f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/6009", "content": "proof of concept of CVE-2023-7028\n\nGithub\n\n#CVE #POC \n\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-01-13T10:34:14.000000Z"}, {"uuid": "960ed82b-53cf-4ba5-8070-3aa80671c455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5995", "content": "CVE-2023-7028 - GitLab CE/EE Account Takeover via Password Reset without user interactions \n\nPoc: user[email][]=valid@email.com&amp;user[email][]=attacker@email.com\n\n#CVE #POC \n\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2024-01-12T10:50:50.000000Z"}, {"uuid": "75839ec8-e8bc-4c4a-a8f9-edb134d7c67e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": 
"published-proof-of-concept", "source": "Telegram/6sNdA-Uz5SQzukZepvnCSGnpzFdkXDLbvFUhDXNXSqFRlA", "content": "", "creation_timestamp": "2024-10-30T21:13:02.000000Z"}, {"uuid": "60735ea6-aefe-4ae8-a483-d03b848aa974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/CyberSachok/1632", "content": "\u0411\u0430\u0433 \u0432 GitLab, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0449\u0438\u0439 \u0431\u043e\u043b\u0435\u0435 10 \u0442\u044b\u0441\u044f\u0447\u0430\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0432 \u043d\u043e\u0432\u043e\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. CVE-2023-7028, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0431\u044b\u043b\u0430 \u0440\u0435\u0447\u044c \u0432 \u0434\u043e\u043a\u043b\u0430\u0434\u0435 \u041d\u041a\u0426\u041a\u0418, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 10 \u0438\u0437 10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e CVSS \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0431\u0435\u0437 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. 
\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Netlas \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b GitLab \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u0430\u0434\u0440\u0435\u0441\u0430\u0445 \u043d\u0430\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u044e\u0442 \u0431\u043e\u043b\u0435\u0435 10 000 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a. \u042d\u0442\u043e \u0442\u0440\u0435\u0442\u044c\u0435 \u043c\u0435\u0441\u0442\u043e \u0432 \u043c\u0438\u0440\u0435. \n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a \u0441\u043b\u043e\u0432\u0443, \u043e\u0442\u043b\u0438\u0447\u043d\u043e \u0432\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u0440\u0435\u043d\u0434 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043b\u0435\u0442: \u0430\u0442\u0430\u043a\u0430 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0437\u0430\u043a\u043b\u0430\u0434\u043a\u0438 \u0432 \u043a\u043e\u0434, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0432\u0448\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438. 
\n\n\u041d\u041a\u0426\u041a\u0418 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043f\u0430\u0442\u0447\u0438 \u043e\u0442 \u0432\u0435\u043d\u0434\u043e\u0440\u0430 \u043d\u0443\u0436\u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u00ab\u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432\u00bb. \n\n\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u0442\u043e\u0440\u043e\u043f\u0438\u0442\u044c\u0441\u044f \u0441 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0443\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e. 
\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0438 \u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u0440\u0430\u043d\u0434\u043e\u043c\u043d\u0443\u044e \u043f\u043e\u0447\u0442\u0443(\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0442\u0443, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u043d \u0437\u0430\u0445\u043e\u0447\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043a\u0430\u043a \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u0443\u044e), \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0441\u043c\u043e\u0436\u0435\u0442 \u0441\u043f\u0430\u0441\u0442\u0438. 
\n\n@cybersachok", "creation_timestamp": "2024-01-15T20:22:58.000000Z"}, {"uuid": "921b832f-a3b2-4fe2-9de9-f9e7df9e6982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/CyberSachok/1642", "content": "\u041a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c 700 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 GitLab \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0439 \u0441\u0435\u0442\u0438. \n\n\u041f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043f\u0430\u0442\u0447\u0430 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0448\u043b\u043e \u0443\u0436\u0435 \u0434\u0432\u0435 \u043d\u0435\u0434\u0435\u043b\u0438. CVE-2023-7028 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0433\u043d\u0430\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0436\u0435\u0440\u0442\u0432\u044b \u0431\u0435\u0437 \u0435\u0435 \u0443\u0447\u0430\u0441\u0442\u0438\u044f. \n\n\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0442\u0435\u043c, \u043a\u0442\u043e \u0437\u0430 \u0432\u0440\u0435\u043c\u044f \u0441 \u0432\u044b\u0445\u043e\u0434\u0430 \u043f\u0430\u0442\u0447\u0430 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 GitLab, \u043e\u0431\u044b\u0447\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0435\u0442 \u043c\u0430\u043b\u043e. 
\u0412\u0441\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043f\u0440\u0438\u0434\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043d\u0430 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e. \n\n\u041a\u0430\u043a \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u2014 \u0432 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0435 \u043e\u0442 GitLab. \n\n@cybersachok", "creation_timestamp": "2024-01-25T18:07:44.000000Z"}, {"uuid": "bbf4d8a2-1770-4dda-b0eb-493da72f74c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7028", "type": "seen", "source": "https://t.me/sysodmins/20684", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 GitLab \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u0447\u0451\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u2328\ufe0f\n\nGitLab \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f Community \u0438 \u0434\u043b\u044f Enterprise Edition \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0441\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b DevSecOps (\u0434\u043b\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f 
\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u0440\u0443\u0447\u043d\u0443\u044e).\n\n\u25aa\ufe0f \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 CVE-2023-7028 \u0438\u043c\u0435\u0435\u0442 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u0431\u0430\u043b\u043b \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0441\u0442\u0438 (10 \u0438\u0437 10). \u042d\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0441\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u044f \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b.\n\n\u25aa\ufe0f \u0412\u0442\u043e\u0440\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u0430 \u043a\u0430\u043a CVE-2023-5356 \u0438 \u0438\u043c\u0435\u0435\u0442 \u0441\u0442\u0435\u043f\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0441\u0442\u0438 9,6 \u0438\u0437 10. 
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0451 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0435\u0439 Slack/Mattermost \u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u043b\u044d\u0448-\u043a\u043e\u043c\u0430\u043d\u0434 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0422\u0438\u043f\u0438\u0447\u043d\u044b\u0439 \ud83c\udf84 \u0421\u0438\u0441\u0430\u0434\u043c\u0438\u043d", "creation_timestamp": "2024-01-14T06:14:04.000000Z"}]}