From f386ff86d01a8b93a07160155aefc190f3fa0ca1 Mon Sep 17 00:00:00 2001 From: TWangmo <125948963+TWangmo@users.noreply.github.com> Date: Mon, 6 May 2024 13:00:05 +0800 Subject: [PATCH] GitLab Critical Security Advisory - 20240115002 (#701) * 20240416004-Critical-Rust-Standard-Library-Vulnerability * Format markdown files * 20240419002-Oracle-Critical-Patch-Update-for-April-2024 * Format markdown docs * 20240115002-GitLab-Critical-Security-Advisory * Format markdown docs * GitLab Critical Security Advisory - 20240115002 * Format markdown docs --------- Co-authored-by: GitHub Actions Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> Co-authored-by: TWangmo --- .../20240115002-GitLab-Critical-Security-Advisory.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/advisories/20240115002-GitLab-Critical-Security-Advisory.md b/docs/advisories/20240115002-GitLab-Critical-Security-Advisory.md index 56abad3d..60524f5d 100644 --- a/docs/advisories/20240115002-GitLab-Critical-Security-Advisory.md +++ b/docs/advisories/20240115002-GitLab-Critical-Security-Advisory.md 
@@ -8,12 +8,14 @@ Additionally, GitLab has noted "*These versions contain important security fixes ## What is the Vulnerability? -| CVE | Severity | CVSS Score | Summary | -| --------------------------------------------------------------- | ------------ | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------- | -| [CVE-2023-7028](https://nvd.nist.gov/vuln/detail/CVE-2023-7028) | **Critical** | 10 | An issue has been discovered in GitLab CE/EE in which user account password reset emails could be delivered to an unverified email address. | +| CVE | Severity | CVSS Score | Summary | Exploied | Dated | +| --------------------------------------------------------------- | ------------ | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------- | +| [CVE-2023-7028](https://nvd.nist.gov/vuln/detail/CVE-2023-7028) | **Critical** | 10 | An issue has been discovered in GitLab CE/EE in which user account password reset emails could be delivered to an unverified email address. | Yes | 1 May, 2024 | ## What is vulnerable? +CISA added this vulnerability in their [Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + The vulnerability affects the following products: GitLab - All deployment types:
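Review bot: the new table header row in this hunk misspells the added column as "Exploied"; it should read "Exploited". The second new column header "Dated" is also ambiguous on its own, since a reader cannot tell whether the date is when exploitation was first observed or when CISA listed the CVE; given the paragraph added below it, a header such as "Date Added to KEV" would make the meaning explicit. Minor wording in the added sentence: "CISA added this vulnerability in their ... catalog" reads better as "CISA added this vulnerability to its ... catalog".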