Path Traversal Vulnerability in GitLab CE/EE Versions
CVE-2023-2825

7.5 HIGH

Key Information:

Vendor: GitLab
Status: Vendor
CVE Published: 26 May 2023

Badges

💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 74% | 📰 News Worthy

Summary

A path traversal vulnerability in GitLab CE/EE can be exploited by an unauthenticated user. This issue is particularly impactful in version 16.0.0, enabling attackers to read an arbitrary file on the server if the target file is associated with an attachment within a public project that exists in a nested structure of at least five groups. Organizations using this version of GitLab should take immediate action to mitigate potential risks.

Affected Version(s)

GitLab 16.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Komodo Cyber Security {www.komodosec.com} on LinkedIn: CVE-2023-2825: Critical bug in GitLab with CVSS score of 10

2 years ago

EPSS Score

74% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟑

    Public PoC available

  • Vulnerability published

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by LinkedIn

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 5 Proof of Concept(s), 1 News Article(s)

Credit

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program.