CISA has included a new vulnerability, CVE-2023-7028, related to GitLab Community and Enterprise Editions Improper Access Control, in its Known Exploited Vulnerabilities Catalog. This catalog aims to list vulnerabilities actively exploited by cyber actors and poses risks to the federal enterprise. Federal Civilian Executive Branch (FCEB) agencies are mandated under Binding Operational Directive (BOD) 22-01 to address these vulnerabilities to protect their networks
Although the directive applies to FCEB agencies, CISA encourages all organizations to prioritize timely remediation of these vulnerabilities for cyberattack prevention. The Known Exploited Vulnerabilities Catalog is a living list that will be continuously updated by CISA based on specific criteria. ```https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-adds-one-known-exploited-vulnerability-catalog