The Human Connection Blog

New Cyber Threat Intelligence Lab release!

BenMcCarthy
7 months ago

Today we have a brand new set of labs related to CVE-2023-7028 (GitLab Account Takeover).

On Friday, January 12, 2024, NVD released information on a new vulnerability in GitLab in which an attacker could completely take over a user's account by abusing a logic error in the password reset functionality. Successful exploitation could allow an attacker to access incredibly sensitive data such as code, credential files, and much more. Attackers could then change the code stored in GitLab to affect publicly released products, in a way similar to the SolarWinds hack.

Who's it for?

  • SOC Analysts
  • Threat Hunters
  • Incident Responders
  • Penetration Testers

What are the key takeaways?

  • Identify the account takeover vulnerability in the GitLab v.16.2.4 server
  • Identify evidence of exploitation and the logs left behind from successful exploitation
  • Demonstrate the account takeover vulnerability in GitLab v.16.2.4 server

CyberPro licensed users can access the new CTI labs by following the links below. 

CVE-2023-7028 (GitLab Account Takeover) - Offensive

CVE-2023-7028 (GitLab Account Takeover) - Defensive
