ET WEB_SPECIFIC_APPS Gitlab Account Takeover Attempt (CVE-2023-7028)
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedJanuary 16, 2024
UpdatedMarch 8, 2024
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Gitlab Account Takeover Attempt (CVE-2023-7028)"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:"/users/password"; http.request_body; content:"authenticity_token|3d|"; startswith; pcre:"/^[A-Za-z0-9_]{86}/R"; content:"&user%5Bemail%5D%5B%5D|3d|"; fast_pattern; nocase; content:"&user%5Bemail%5D%5B%5D|3d|"; within:100; reference:url,attackerkb.com/topics/VBDvNxhyjr/cve-2023-7028 ; reference:cve,2023-7028 ; classtype:attempted-admin; sid:2050097; rev:2; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2024_01_16, cve CVE_2023_7028, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_03_08, reviewed_at 2024_10_03; target:dest_ip;)
References
Metadata
affected productWeb_Server_Applications
attack targetWeb_Server
created at2024_01_16
deploymentSSLDecrypt
performance impactLow
confidenceHigh
signature severityMajor
tagCISA_KEV
updated at2024_03_08
reviewed at2024_10_03
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!