module
GitLab Password Reset Account Takeover
| Disclosed |
|---|
| Jan 11, 2024 |
Disclosed
Jan 11, 2024
Description
This module exploits an account-take-over vulnerability that allows users
to take control of a gitlab account without user interaction.
The vulnerability lies in the password reset functionality. Its possible to provide 2 emails
and the reset code will be sent to both. It is therefore possible to provide the e-mail
address of the target account as well as that of one we control, and to reset the password.
2-factor authentication prevents this vulnerability from being exploitable. There is no
discernable difference between a vulnerable and non-vulnerable server response.
Vulnerable versions include:
16.1
16.2
16.3
16.4
16.5
16.6
and 16.7
to take control of a gitlab account without user interaction.
The vulnerability lies in the password reset functionality. Its possible to provide 2 emails
and the reset code will be sent to both. It is therefore possible to provide the e-mail
address of the target account as well as that of one we control, and to reset the password.
2-factor authentication prevents this vulnerability from being exploitable. There is no
discernable difference between a vulnerable and non-vulnerable server response.
Vulnerable versions include:
16.1
16.2
16.3
16.4
16.5
16.6
and 16.7
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.