GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)

GitLab has released an emergency update for a path traversal vulnerability (CVE-2023-2825). On successful exploitation, the vulnerability may allow an attacker to read arbitrary files on the server. The vulnerability has been rated critical, with a CVSS score of 10.0, the maximum possible. A security researcher named Pwnie discovered this vulnerability and reported it to GitLab via the HackerOne bug bounty program.

GitLab is an open-source code repository and collaborative software development platform. The DevOps software suite can create, protect, and manage software in a single program. It provides a place for online code storage and tools for CI/CD and bug tracking.

Description

An unauthenticated malicious attacker may exploit this path traversal vulnerability to read an arbitrary file on the server when an attachment is present in a public project that is nested within at least five groups.
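The advisory does not publish the affected code, so the following is an added, generic illustration in Ruby (the language GitLab is written in) of how an attachment-serving path is hardened against this class of bug and how traversal attempts show up in access logs. It is not GitLab's code and does not reproduce the actual flaw; the upload root, the URL layout and the log lines are all constructed for the example.

```ruby
require 'uri'

# Hypothetical upload root for this example; not GitLab's actual directory layout.
UPLOAD_ROOT = '/srv/app/uploads'.freeze

# Percent-decode exactly once. A malformed encoding (a bare "%") is not a valid
# attachment name, so it is treated as untrusted input and rejected by callers.
def safe_decode(str)
  URI.decode_www_form_component(str.to_s)
rescue ArgumentError
  nil
end

# Resolve a client-supplied attachment name against +root+.
# Returns the canonical absolute path when it stays inside +root+, nil otherwise.
def resolve_attachment(root, requested)
  decoded = safe_decode(requested)
  return nil if decoded.nil?
  # NUL bytes can truncate the path in lower layers; never pass them through.
  return nil if decoded.include?("\0")
  # Absolute paths and "~user" forms are never legitimate attachment names
  # (File.expand_path would otherwise honour both of them).
  return nil if decoded.start_with?('/', '~')
  # Reject any ".." segment, whichever separator style was used.
  return nil if decoded.split(%r{[/\\]}).include?('..')

  candidate = File.expand_path(decoded, root)
  # Canonicalisation check as a second line of defence: the resolved path must
  # remain strictly below the root directory.
  return nil unless candidate.start_with?(File.join(root, ''))
  candidate
end

# Constructed sample access-log lines (not real GitLab logs); the second one
# carries a percent-encoded traversal sequence.
SAMPLE_LOG = [
  '10.0.0.5 - - [23/May/2023:10:00:01 +0000] "GET /files/project-a/attachments/report.pdf HTTP/1.1" 200',
  '10.0.0.7 - - [23/May/2023:10:00:02 +0000] "GET /files/project-a/attachments/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200',
  '10.0.0.9 - - [23/May/2023:10:00:03 +0000] "GET /files/project-b/attachments/notes.txt HTTP/1.1" 404',
].freeze

# Detection: return the log lines whose request path, after decoding, contains
# a ".." segment. A 200 status on such a line is the signal worth alerting on.
def traversal_log_lines(lines)
  lines.select do |line|
    m = line.match(/"(?:GET|POST|HEAD) (\S+) HTTP/)
    next false unless m
    decoded = safe_decode(m[1])
    decoded && decoded.split(%r{[/\\?]}).include?('..')
  end
end

if __FILE__ == $PROGRAM_NAME
  puts resolve_attachment(UPLOAD_ROOT, 'report.pdf').inspect
  puts resolve_attachment(UPLOAD_ROOT, '..%2F..%2Fetc%2Fpasswd').inspect
  traversal_log_lines(SAMPLE_LOG).each { |l| puts "suspicious: #{l}" }
end
```

The two checks in resolve_attachment are deliberately redundant: the segment check catches the obvious case early, and the prefix check on the canonical path catches anything the first check did not anticipate. For the log scan, decoding before matching matters because an encoded `%2e%2e` never contains a literal `..`.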

Affected Versions

The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.0.

Note: All versions older than GitLab EE/CE 16.0.0 are unaffected by this vulnerability.

Mitigation

GitLab has patched the vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.1.

For more information, please refer to the GitLab Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QID 378519 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
