Is CVE-2023-7028 exploitable?

Yes — CVE-2023-7028 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2023-7028 a false positive?

No practitioners have marked CVE-2023-7028 a false positive so far (3 verdicts).

How do I remediate CVE-2023-7028?

See the authoritative references (NVD, vendor advisory) and community field notes on this page for remediation guidance.

CVE-2023-7028

is CVE-2023-7028real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

Critical · CVSS 10EPSS 95.0%CISA KEVCWE-640

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

References

NVD MITRE CVE.org CISA KEV

Published Jan 12, 2024

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2023-7028/badge.svg)](https://www.truepositive.app/cve/CVE-2023-7028)

HTML

<a href="https://www.truepositive.app/cve/CVE-2023-7028"><img src="https://www.truepositive.app/cve/CVE-2023-7028/badge.svg" alt="TruePositive verdict for CVE-2023-7028"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

3 verdicts

Not a real issue

to add your verdict.

Community real-world severity: Critical (Critical 3) — CVSS base score 10

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.