More than 5,300 GitLab servers remain vulnerable to zero-click account takeover
More than 5,300 GitLab servers exposed to the internet are still vulnerable to CVE-2023-7028, a zero-click account takeover flaw (CVSS score: 10.0) that GitLab disclosed earlier this month. The bug is in the password-reset flow: the reset endpoint accepted more than one email address in a single request and mailed the reset link to every address given, so an attacker who knows a target's email address can add their own and receive the link, then set a new password and take over the account. No interaction from the victim is required. GitLab fixed the issue in 16.7.2, 16.6.4 and 16.5.6, with backports to 16.1.6, 16.2.9, 16.3.7 and 16.4.5. Accounts with two-factor authentication (2FA) enabled are protected from login, because the attacker can reset the password but cannot complete authentication without the second factor; the password change itself still happens, so administrators should enforce 2FA, upgrade, and check their logs for reset requests with multiple addresses.
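As an added illustration of the log check GitLab recommends, here is a small Python scanner (written for this page, not GitLab's own tooling) that reads lines in the shape of gitlab-rails/production_json.log and flags POST requests to /users/password whose email parameter is an array with more than one address. The sample log lines are constructed for the example; field names follow GitLab's JSON request log format, and the nesting of the address under a `user` parameter is an assumption based on how the reset form submits it.

```python
import json

# Constructed sample lines in the shape of gitlab-rails/production_json.log
# (one JSON object per line). These are fabricated for this example, not real logs.
SAMPLE_LOG = """
{"method":"POST","path":"/users/password","controller":"PasswordsController","action":"create","status":302,"time":"2024-01-12T09:14:03.112Z","remote_ip":"198.51.100.7","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":["victim@example.com","attacker@evil.example"]}}]}
{"method":"POST","path":"/users/password","controller":"PasswordsController","action":"create","status":302,"time":"2024-01-12T09:20:41.009Z","remote_ip":"203.0.113.5","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":"alice@example.com"}}]}
{"method":"GET","path":"/api/v4/projects","controller":"Grape","action":"#index","status":200,"time":"2024-01-12T09:21:00.000Z","remote_ip":"192.0.2.9","params":[]}
not json at all
"""


def _email_values(params):
    """Collect every value of an ``email`` parameter from the params array.

    GitLab logs params as a list of {"key": ..., "value": ...} objects. The reset
    form nests the address as user[email] (assumed here), so look at both a
    top-level ``email`` key and an ``email`` key inside a ``user`` object.
    """
    found = []
    for p in params or []:
        key, value = p.get("key"), p.get("value")
        if key == "email":
            found.append(value)
        elif key == "user" and isinstance(value, dict) and "email" in value:
            found.append(value["email"])
    return found


def find_suspect_resets(lines):
    """Return password-reset requests whose email parameter is a list of more
    than one address, the signature GitLab's advisory says to look for.

    Each hit is a dict with the request time, source IP and the addresses."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip unparseable lines instead of aborting the sweep
        if entry.get("path") != "/users/password" or entry.get("method") != "POST":
            continue
        for emails in _email_values(entry.get("params")):
            if isinstance(emails, list) and len(emails) > 1:
                hits.append({
                    "time": entry.get("time"),
                    "remote_ip": entry.get("remote_ip"),
                    "emails": emails,
                })
    return hits


if __name__ == "__main__":
    # Run against the constructed sample; point this at the real log file on a server.
    for hit in find_suspect_resets(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} {hit['remote_ip']} reset link sent to {hit['emails']}")
```

A single-address reset (the second sample line) is normal traffic and is not flagged; only requests carrying an array of addresses are reported, and the attacker-controlled address in such a hit tells you which accounts to reset and review.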
Thirteen days after the security update became available, the threat monitoring service Shadowserver reports seeing 5,379 GitLab instances that are still vulnerable. Most of them are in the United States (964), followed by Germany (730), Russia (721), China (503), France (298), the United Kingdom (122), India (117), and Canada (99).