Blog Post

The Human Connection Blog
1 MIN READ

New Cyber Threat Intelligence Lab release!

BenMcCarthy's avatar
BenMcCarthy
Icon for Immerser rankImmerser
6 months ago

Today we have a brand new set of labs related to CVE-2023-7028 (GitLab Account Takeover)

On Friday, January 12, 2024, NVD released information on a new vulnerability in GitLab in which an attacker could completely take over a users' account by abusing a logic error in the password reset functionality. Successful exploitation could allow an attacker to access incredibly sensitive data such as code, credential files, and much more, meaning attackers could change the code left in GitLab to affect publicly released products in a way similar to the SolarWinds hack.

Who's it for?

  • SOC Analysts
  • Threat Hunters
  • Incident Responders
  • Penetration Testers

What are the key takeaways?

  • Identify the account takeover vulnerability in the GitLab v.16.2.4 server
  • Identify evidence of exploitation and the logs left behind from successful exploitation
  • Demonstrate the account takeover vulnerability in GitLab v.16.2.4 server

CyberPro licensed users can access the new CTI labs by following the links below. 

CVE-2023-7028 (GitLab Account Takeover) - Offensive

CVE-2023-7028 (GitLab Account Takeover) - Defensive

Updated 6 months ago
Version 2.0
No CommentsBe the first to comment