nuclei-templates

non-intrusive template for CVE-2023-7028 GitLab

Open h4sh5 opened this issue 1 year ago • 2 comments

Template / PR Information

  • Added CVE-2023-7028
  • References:
    • https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-zero-click-account-hijacking-vulnerability/
    • https://gitlab.com/gitlab-org/gitlab/-/commit/c571840ba2f0e91ca7ec3c436f796532dbb3c550#27e06e15cfe9583d733619cf7d72629b777f7757_41290_41287
    • https://nvd.nist.gov/vuln/detail/CVE-2023-7028

Template Validation

I've validated this template locally?

  • [x] YES
  • [ ] NO

Additional Details (leave it blank if not applicable)

  • shodan query: product:gitlab (but no version matching available due to GitLab not showing version numbers to unauthed users)

h4sh5 Jan 13 '24 07:01

https://github.com/projectdiscovery/nuclei-templates/pull/8937#issuecomment-1890943126

DhiyaneshGeek Jan 15 '24 09:01

Reopened this PR as we will soon be adding a category for mitigation and patch-related templates. Thank you for your contribution.

princechaddha Jan 17 '24 19:01

Closing this PR as it is producing false positive results. Even for mitigation or patch detection templates, we need strict matchers to ensure they won't be matched on non-vulnerable hosts. If you think otherwise, please feel free to reopen the PR.

You can join our Discord server. It's a great place to connect with fellow contributors and stay updated on the latest developments. Thank you once again.

princechaddha Mar 06 '24 09:03