GitLab - Account Takeover via Password Reset (CVE-2023-7028)

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

GitLab CE/EE版本自16.1至16.1.6，16.2至16.2.9，16.3至16.3.7，16.4至16.4.5，16.5至16.5.6，16.6至16.6.4，以及16.7至16.7.2期间均存在一个漏洞，该漏洞影响所有这些版本。漏洞表现为用户账户密码重置邮件可能被发送至未经验证的电子邮件地址。