|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-29 | |
| Rule Name: | GitLab Path Traversal Vulnerability (CVE-2023-2825) | |
| Severity: | High | |
| CVE ID: | CVE-2023-2825 | |
| Rule Protection Details |
|---|
| Description: | An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://hackerone.com/reports/1994725 https://gitlab.com/gitlab-org/gitlab/-/issues/412371 https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json https://cxsecurity.com/cveshow/CVE-2023-2825/ |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/ |