{"id":27964,"date":"2024-01-13T05:42:36","date_gmt":"2024-01-13T05:42:36","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=27964"},"modified":"2026-04-17T18:07:39","modified_gmt":"2026-04-17T18:07:39","slug":"gitlab-arbitrary-user-password-reset-vulnerability","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/gitlab-arbitrary-user-password-reset-vulnerability\/","title":{"rendered":"GitLab Arbitrary User Password Reset Vulnerability"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including two serious vulnerabilities. Affected users should take protective measures as soon as possible.<\/p>\n\n\n\n<p><strong>CVE-2023-7028<\/strong>: In GitLab CE\/EE, users can reset their passwords through the auxiliary email address. Due to errors in the email verification process, attackers can send emails that reset account passwords to unverified mailboxes and take over accounts by resetting passwords without user interaction. 
The CVSS score is 10.<\/p>\n\n\n\n<p><strong>CVE-2023-5356<\/strong>: An attacker can abuse the Slack\/Mattermost integration to execute slash commands as other users because of improper checks. The CVSS score is 9.6.<\/p>\n\n\n\n<p>Reference link: <a href=\"https:\/\/about.gitlab.com\/releases\/2024\/01\/11\/critical-security-release-gitlab-16-7-2-released\/\">https:\/\/about.gitlab.com\/releases\/2024\/01\/11\/critical-security-release-gitlab-16-7-2-released\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Scope of Impact<\/h2>\n\n\n\n<p><strong>Affected version<\/strong><\/p>\n\n\n\n<p>CVE-2023-7028<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>16.1 &lt;= GitLab CE\/EE &lt; 16.1.5<\/li>\n\n\n\n<li>16.2 &lt;= GitLab CE\/EE &lt; 16.2.8<\/li>\n\n\n\n<li>16.3 &lt;= GitLab CE\/EE &lt; 16.3.6<\/li>\n\n\n\n<li>16.4 &lt;= GitLab CE\/EE &lt; 16.4.4<\/li>\n\n\n\n<li>16.5 &lt;= GitLab CE\/EE &lt; 16.5.6<\/li>\n\n\n\n<li>16.6 &lt;= GitLab CE\/EE &lt; 16.6.4<\/li>\n\n\n\n<li>16.7 &lt;= GitLab CE\/EE &lt; 16.7.2<\/li>\n<\/ul>\n\n\n\n<p>CVE-2023-5356<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>8.13 &lt;= GitLab CE\/EE &lt; 16.5.6<\/li>\n\n\n\n<li>16.6 &lt;= GitLab CE\/EE &lt; 16.6.4<\/li>\n\n\n\n<li>16.7 &lt;= GitLab CE\/EE &lt; 16.7.2<\/li>\n<\/ul>\n\n\n\n<p><strong>Unaffected version<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GitLab CE\/EE &gt;= 16.5.6<\/li>\n\n\n\n<li>GitLab CE\/EE &gt;= 16.6.4<\/li>\n\n\n\n<li>GitLab CE\/EE &gt;= 16.7.2<\/li>\n<\/ul>\n\n\n\n<p>Note: The fix for CVE-2023-7028 has been backported to 16.1.6, 16.2.9, 16.3.7 and 16.4.5.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Detection<\/h2>\n\n\n\n<p><strong>Version detection<\/strong><\/p>\n\n\n\n<p>Users can determine whether their installation is at risk by checking its version.<\/p>\n\n\n\n<p>Use the following command to view the GitLab version currently in use:<\/p>\n\n\n\n<p class=\"has-cyan-bluish-gray-background-color has-background\">cat 
\/opt\/gitlab\/embedded\/service\/gitlab-rails\/VERSION<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a.jpg\"><img decoding=\"async\" width=\"567\" height=\"30\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-27965\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a.jpg 567w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-300x16.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-200x11.jpg 200w\" sizes=\"(max-width: 567px) 100vw, 567px\" \/><\/a><\/figure>\n\n\n\n<p>If the installed version falls within an affected range, the instance may be at risk.<\/p>\n\n\n\n<p><strong>Attack screening<\/strong><\/p>\n\n\n\n<p>Users can check for exploitation attempts against CVE-2023-7028 by reviewing the application logs:<\/p>\n\n\n\n<p>1. Check gitlab-rails\/production_json.log for HTTP requests to the \/users\/password path in which params.value.email consists of a JSON array with multiple email addresses.<\/p>\n\n\n\n<p>2. Check gitlab-rails\/audit_json.log for entries with a meta.caller.id of PasswordsController#create and target_details consisting of a JSON array with multiple email addresses.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Mitigation<\/h2>\n\n\n\n<p><strong>Official upgrade<\/strong><\/p>\n\n\n\n<p>The above vulnerabilities have been officially fixed in the latest version. Upgrade as soon as possible for protection. 
The official download link: <a href=\"https:\/\/about.gitlab.com\/update\/\">https:\/\/about.gitlab.com\/update\/<\/a><\/p>\n\n\n\n<p><strong>Other protective measures<\/strong><\/p>\n\n\n\n<p>Users who cannot upgrade for the time being can take the following measures to temporarily mitigate CVE-2023-7028:<\/p>\n\n\n\n<p>Enable two-factor authentication (2FA) for all GitLab accounts, especially those with elevated privileges (e.g. administrator accounts); where it does not impact business, access to the application can also be restricted.<\/p>\n\n\n\n<p>Note: SSO users (such as SAML) are affected, but LDAP users are not affected because they have no forgot\/reset password option.<\/p>\n\n\n\n<p>If 2FA is enabled, an attacker can still reset the account password but cannot take over the account, because logging in requires a second authentication factor.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Statement<\/h2>\n\n\n\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About NSFOCUS<\/h2>\n\n\n\n<p>NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. 
The company&rsquo;s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.<\/p>\n\n\n\n<p>NSFOCUS works with Fortune Global 500 companies, including four of the world&rsquo;s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).<\/p>\n\n\n\n<p>A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including two serious vulnerabilities. Affected users should take protective measures as soon as possible. CVE-2023-7028: In GitLab CE\/EE, users can reset their passwords through the auxiliary email address. 
Due [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":35666,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[435],"class_list":["post-27964","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response","tag-gitlab-cve-2023-7028-cve-2023-5356"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GitLab Arbitrary User Password Reset Vulnerability - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GitLab Arbitrary User Password Reset Vulnerability - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-13T05:42:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"GitLab Arbitrary User Password Reset Vulnerability - NSFOCUS\" 
\/>\n<meta name=\"twitter:description\" content=\"Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"GitLab Arbitrary User Password Reset Vulnerability\",\"datePublished\":\"2024-01-13T05:42:36+00:00\",\"dateModified\":\"2026-04-17T18:07:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/\"},\"wordCount\":720,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/0117a-1.jpg\",\"keywords\":[\"GitLab CVE-2023-7028 CVE-2023-5356\"],\"articleSection\":[\"Blog\",\"Emergency 
Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/\",\"name\":\"GitLab Arbitrary User Password Reset Vulnerability - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/0117a-1.jpg\",\"datePublished\":\"2024-01-13T05:42:36+00:00\",\"dateModified\":\"2026-04-17T18:07:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/0117a-1.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/0117a-1.jpg\",\"width\":567,\"height\":30,\"caption\":\"Terminal displaying GitLab version number 
11.0.6.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/gitlab-arbitrary-user-password-reset-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitLab Arbitrary User Password Reset Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84
eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GitLab Arbitrary User Password Reset Vulnerability - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"GitLab Arbitrary User Password Reset Vulnerability - NSFOCUS","og_description":"Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab","og_url":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/","og_site_name":"NSFOCUS","article_published_time":"2024-01-13T05:42:36+00:00","article_modified_time":"2026-04-17T18:07:39+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"GitLab Arbitrary User Password Reset Vulnerability - NSFOCUS","twitter_description":"Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed multiple security vulnerabilities in GitLab","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg","twitter_misc":{"Escrito por":"admin","Est. 
tempo de leitura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"GitLab Arbitrary User Password Reset Vulnerability","datePublished":"2024-01-13T05:42:36+00:00","dateModified":"2026-04-17T18:07:39+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/"},"wordCount":720,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg","keywords":["GitLab CVE-2023-7028 CVE-2023-5356"],"articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/","url":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/","name":"GitLab Arbitrary User Password Reset Vulnerability - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg","datePublished":"2024-01-13T05:42:36+00:00","dateModified":"2026-04-17T18:07:39+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/01\/0117a-1.jpg","width":567,"height":30,"caption":"Terminal displaying GitLab version number 11.0.6."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/gitlab-arbitrary-user-password-reset-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"GitLab Arbitrary User Password Reset Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/27964","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/use
rs\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=27964"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/27964\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/35666"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=27964"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=27964"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=27964"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}