CVE-2023-7028 · CISA KEV · EPSS p99.9%

CVE-2023-7028: GitLab Community and Enterprise Editions Improper Access Control Vulnerability

GitLab / GitLab CE/EE

Description

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Scoring

EPSS: 94.95% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2024-05-01

(incoming) · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| KEVEntry | GitLab Community and Enterprise Editions Improper Access Control Vulnerability (kev-cve-2023-7028) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-9642
CVE-2026-2745
CVE-2025-2938
CVE-2025-12029
CVE-2025-6948
CVE-2025-2242

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.