
Repository to install CVE-2023-7028 vulnerable Gitlab instance


Trackflaw/CVE-2023-7028-Docker

CVE-2023-7028 with Docker

🎯 Want to practice with the new GitLab CVE? Follow the instructions.

Build the lab

  1. Install Docker: https://docs.docker.com/get-docker/
  2. Clone the project: git clone https://github.com/Trackflaw/CVE-2023-7028-Docker.git
  3. Go to the project: cd CVE-2023-7028-Docker
  4. Configure the GitLab SMTP settings in docker-compose.yml.
  5. Replace external_url 'http://gitlab.domain.com' and hostname: 'gitlab.domain.com' with your own domain (internal or external, either works).
  6. Launch the Docker Compose file: docker compose up -d
  7. Connect to http://localhost
    • Username: admin
    • Password: Tr4ckfl4w4th3W1n
  8. Create an account to compromise, using a valid email address.
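
A preflight check for steps 5 and 6, as an added example that is not part of the Trackflaw repository. It assumes docker-compose.yml follows the usual GitLab Omnibus layout (an external_url line, a hostname key and a ports list); the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Preflight check for the lab's docker-compose.yml (added example).
# Assumed layout: an external_url '...' line, a hostname: '...' key and
# a ports: list of "host:container" strings.

# Print the host part of external_url, e.g. gitlab.lab.test
compose_external_host() {
    sed -n "s|.*external_url ['\"]https\{0,1\}://\([^/:'\"]*\).*|\1|p" "$1" | head -n 1
}

# Print the value of the hostname: key
compose_hostname() {
    sed -n "s|^[[:space:]]*hostname:[[:space:]]*['\"]\{0,1\}\([^'\"[:space:]]*\).*|\1|p" "$1" | head -n 1
}

# Return 0 when the file is ready for `docker compose up -d`, else 1.
check_compose() {
    file=$1 rc=0
    url_host=$(compose_external_host "$file")
    host=$(compose_hostname "$file")
    if [ -z "$url_host" ] || [ -z "$host" ]; then
        echo "external_url or hostname not found" >&2; rc=1
    elif [ "$url_host" != "$host" ]; then
        echo "external_url host ($url_host) differs from hostname ($host)" >&2; rc=1
    fi
    if [ "$host" = "gitlab.domain.com" ]; then
        echo "placeholder domain still in place (step 5)" >&2; rc=1
    fi
    # Published ports without a 127.0.0.1 prefix listen on every interface.
    if grep -E "^[[:space:]]*-[[:space:]]*['\"]?[0-9]+:[0-9]+['\"]?[[:space:]]*$" "$file" >/dev/null; then
        echo "port published on all interfaces; prefix it with 127.0.0.1:" >&2; rc=1
    fi
    return $rc
}

# Constructed sample file, not the repository's own docker-compose.yml.
write_sample() {
    cat > "$1" <<EOF
services:
  gitlab:
    hostname: '$2'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://$3'
    ports:
      - '$4'
EOF
}
```

Run `check_compose docker-compose.yml` from the project directory before step 6; a non-zero exit status means one of the checks failed and the reason is printed on stderr.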

PoC

A proof-of-concept video is available on the Trackflaw blog: https://blog.trackflaw.com/en/compromise-gitlab-accounts-with-cve-2023-7028/

📹 Video link

Automation

Many PoCs are available online to automate the exploitation of this vulnerability:
