Tag: GitLab
GitLab Releases Patch to Address Critical Path Traversal Vulnerability (CVE-2023-2825)
GitLab has released an emergency update for a path traversal vulnerability (CVE-2023-2825). On successful exploitation, the vulnerability may allow an attacker to read arbitrary files on the server. The vulnerability has been rated critical, with a maximum CVSS score of 10. A security researcher named Pwnie discovered this vulnerability and reported it to GitLab via …
GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)
GitLab has released updates to address a remote code execution flaw for its GitLab Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2022-2884, the vulnerability is rated as critical and is assigned a CVSS score of 9.9. An authenticated attacker could exploit this vulnerability to execute commands remotely on vulnerable systems via Import from GitHub API …
GitLab Unauthenticated Remote Code Execution Vulnerability (CVE-2021-22205)
GitLab is a web-based DevOps lifecycle solution built by GitLab Inc. providing unrivaled insight and productivity across the DevOps lifecycle in a single application. GitLab has released an update for a significant remote code execution (RCE) vulnerability (CVE-2021-22205) in GitLab’s web interface. This vulnerability has been regularly exploited in the wild and has caused a vast …