Gitlab - Arbitrary File Read (CVE-2023-2825)
- Severity
- CVSSv3 Score
- 7.5
- Vulnerability description
GitLab is vulnerable to CVE-2023-2825, a path traversal vulnerability that can be leveraged to achieve arbitrary file read. The affected code lives in two files, /app/uploaders/object_storage.rb and /app/controllers/concerns/uploads_actions.rb. The root cause is improper sanitization of the user-controlled portion of an upload URL: when an attachment exists in a public project nested within at least five groups, the filesystem path derived from the request is not kept inside the intended uploads directory, so an unauthenticated remote attacker can traverse out of it and read arbitrary files on the server.
- Risk description
An unauthenticated remote attacker could leverage the path traversal to read files from the server, stealing confidential information (for example configuration files or credentials) or using what is found to pivot into the internal network.
- Exploit capabilities
Sniper can read arbitrary files from the target system and extract them as evidence.
- Recommendation
Update GitLab to version 16.0.1 or later, where the issue is fixed. Only the 16.0.0 release is affected.
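The two patterns behind the description and the recommendation above, as an added Ruby example that is not GitLab's code: a path resolver that joins URL-decoded request segments straight into a filesystem path (the traversal-prone shape), the hardened form that normalises against the uploads root and rejects anything that escapes it, and a version check matching the fix version on this page. The uploads root, the `secret`/`filename` segment names and the sample request values are assumptions made for the example; the only GitLab-specific facts used are that 16.0.0 is affected and 16.0.1 fixes it.

```ruby
require "cgi"

# Illustrative uploads root (assumption for this example, not GitLab's real layout).
UPLOADS_ROOT = "/var/opt/gitlab/uploads".freeze

# Vulnerable pattern: URL-decoded, user-controlled segments are joined straight
# into a filesystem path. File.join does not collapse "..", so the kernel
# resolves the traversal when the file is opened.
def unsafe_upload_path(secret, filename, root: UPLOADS_ROOT)
  File.join(root, CGI.unescape(secret), CGI.unescape(filename))
end

# Hardened pattern: decode, normalise against the root, then refuse anything
# that does not remain strictly inside the root.
def safe_upload_path(secret, filename, root: UPLOADS_ROOT)
  root = File.expand_path(root)
  candidate = File.expand_path(
    File.join(CGI.unescape(secret), CGI.unescape(filename)), root
  )
  unless candidate.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "upload path escapes #{root}: #{candidate}"
  end
  candidate
end

# Convenience predicate: does the hardened resolver reject this request?
def traversal_rejected?(secret, filename, root: UPLOADS_ROOT)
  safe_upload_path(secret, filename, root: root)
  false
rescue ArgumentError
  true
end

# Version check matching the recommendation: 16.0.0 is affected, 16.0.1 fixes it.
# GitLab reports versions such as "16.0.0-ee"; Gem::Version treats "-ee" as a
# prerelease tag (ranking below 16.0.0), so the edition suffix is stripped first.
def needs_upgrade_for_cve_2023_2825?(version_string)
  core = Gem::Version.new(version_string.sub(/-(ce|ee)\z/, ""))
  core >= Gem::Version.new("16.0.0") && core < Gem::Version.new("16.0.1")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request values: a legitimate attachment and a traversal attempt.
  benign  = ["5f9c", "report.pdf"]
  hostile = ["5f9c", "..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"]
  puts "unsafe (benign):  #{unsafe_upload_path(*benign)}"
  puts "unsafe (hostile): #{unsafe_upload_path(*hostile)}"
  puts "safe   (benign):  #{safe_upload_path(*benign)}"
  puts "safe   (hostile): rejected=#{traversal_rejected?(*hostile)}"
  puts "16.0.0-ee needs upgrade: #{needs_upgrade_for_cve_2023_2825?('16.0.0-ee')}"
end
```

The `start_with?(root + File::SEPARATOR)` check is deliberate: comparing against `root` alone would accept a sibling directory such as `/var/opt/gitlab/uploads2`. The version helper exists because a scanner that feeds `16.0.0-ee` to `Gem::Version` unmodified will rank it below `16.0.0` and report the host as not affected.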
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- May 2023
- Published at
- Updated at
- Software Type
- Version Control System
- Vendor
- GitLab Inc
- Product
- GitLab