GitLab has released an emergency update for a path traversal vulnerability (CVE-2023-2825). On successful exploitation, the vulnerability may allow an attacker to read arbitrary files on the server. The vulnerability has been rated critical, with a maximum CVSS score of 10. A security researcher named Pwnie discovered this vulnerability and reported it to GitLab via the HackerOne bug bounty program.
GitLab is an open-source code repository and collaborative software development platform. The DevOps suite lets teams create, secure, and manage software in a single application, providing online code storage together with CI/CD and bug-tracking tools.
Description
An unauthenticated malicious attacker may exploit this path traversal vulnerability to read an arbitrary file on the server when an attachment is present in a public project that is nested within at least five groups.
Affected Versions
The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.0.
Note: All versions older than GitLab EE/CE 16.0.0 are unaffected by this vulnerability.
Mitigation
GitLab has patched the vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.1.
For more information, please refer to the GitLab Security Advisory.
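To turn the version facts above (only 16.0.0 affected, 16.0.1 fixed, everything older unaffected) into an inventory triage, here is an added example that is not part of the advisory or of GitLab's own tooling. It assumes the version strings were collected from each instance's GET /api/v4/version endpoint; the hostnames, revisions and JSON bodies are constructed samples, a 16.0.0 pre-build is conservatively counted as affected, and releases after 16.0.1 are assumed to carry the fix.

```python
import json
import re
from typing import Dict

# From the advisory: exactly 16.0.0 is affected; 16.0.1 carries the fix.
AFFECTED = (16, 0, 0)
FIXED = (16, 0, 1)

# Constructed sample bodies in the shape GitLab's GET /api/v4/version returns
# ({"version": ..., "revision": ...}); hosts and revisions are made up.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": '{"version":"16.0.0-ee","revision":"aaaaaaa"}',
    "gitlab-b.example.internal": '{"version":"16.0.1","revision":"bbbbbbb"}',
    "gitlab-c.example.internal": '{"version":"15.11.8","revision":"ccccccc"}',
    "gitlab-d.example.internal": '{"version":"16.0.0-pre","revision":"ddddddd"}',
    "gitlab-e.example.internal": '{"version":"garbage","revision":"eeeeeee"}',
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

def parse_version(version: str):
    """(major, minor, patch) from strings like '16.0.0-ee'; suffixes ignored.
    Returns None when the string does not start with a dotted triple."""
    m = _VERSION_RE.match(version.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def classify(version: str) -> str:
    """'affected'   -> 16.0.0 with any suffix (pre-builds treated as affected, an assumption)
    'patched'    -> 16.0.1 or later (assumes later releases keep the fix)
    'unaffected' -> older than 16.0.0, per the advisory
    'unknown'    -> unparsable; review that instance by hand"""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    if parsed == AFFECTED:
        return "affected"
    if parsed >= FIXED:
        return "patched"
    return "unaffected"

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> classification from raw /api/v4/version JSON bodies."""
    result = {}
    for host, body in inventory.items():
        try:
            version = json.loads(body).get("version", "")
        except json.JSONDecodeError:
            version = ""  # malformed body -> 'unknown'
        result[host] = classify(version)
    return result

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "affected" are the ones to upgrade to 16.0.1; "unknown" entries need a manual version check rather than being assumed safe.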
Qualys Detection
Qualys customers can scan their devices with QID 378519 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/