The vulnerability, tracked as CVE-2023-7028, impacts GitLab CE/EE. It allows an unauthenticated attacker to gain access to a user account under some conditions.
For more details, please see this article on our website:
https://www.stormshield.com/news/security-alert-cve-2023-7028-stormshield-products-response/
The Stormshield Network Security (SNS) appliance protects you from that attack, thanks to dedicated IPS signatures. For the signatures to work effectively on HTTPS traffic, the SSL proxy needs to be enabled.
| ID | Name |
|---|---|
| http:mix.355 | Exploitation of an account takeover vulnerability in Gitlab (CVE-2023-7028) |