The vulnerability (CVE-2023-7028) allows attackers to reset passwords through unverified email addresses, affecting all self-managed instances of GitLab Community Edition and Enterprise Edition.