GitLab Critical Security Advisory - 20240115002 (#701)

* 20240416004-Critical-Rust-Standard-Library-Vulnerability * Format markdown files * 20240419002-Oracle-Critical-Patch-Update-for-April-2024 * Format markdown docs * 20240115002-GitLab-Critical-Security-Advisory * Format markdown docs * GitLab Critical Security Advisory - 20240115002 * Format markdown docs --------- Co-authored-by: GitHub Actions <actions@github.com> Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> Co-authored-by: TWangmo <TWangmo@users.noreply.github.com>
wagov · May 6, 2024 · f386ff8 · f386ff8
1 parent f70463b
commit f386ff8
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/docs/advisories/20240115002-GitLab-Critical-Security-Advisory.md b/docs/advisories/20240115002-GitLab-Critical-Security-Advisory.md
@@ -8,12 +8,14 @@ Additionally, GitLab has noted "*These versions contain important security fixes
 
 ## What is the Vulnerability?
 
-| CVE                                                             | Severity     | CVSS Score | Summary                                                                                                                                     |
-| --------------------------------------------------------------- | ------------ | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
-| [CVE-2023-7028](https://nvd.nist.gov/vuln/detail/CVE-2023-7028) | **Critical** | 10         | An issue has been discovered in GitLab CE/EE in which user account password reset emails could be delivered to an unverified email address. |
+| CVE                                                             | Severity     | CVSS Score | Summary                                                                                                                                     | Exploied | Dated       |
+| --------------------------------------------------------------- | ------------ | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------- |
+| [CVE-2023-7028](https://nvd.nist.gov/vuln/detail/CVE-2023-7028) | **Critical** | 10         | An issue has been discovered in GitLab CE/EE in which user account password reset emails could be delivered to an unverified email address. | Yes      | 1 May, 2024 |
 
 ## What is vulnerable?
 
+CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
 The vulnerability affects the following products:
 
 GitLab - All deployment types: