arbitrary file reading vulnerability

GitLab Arbitrary File Read Vulnerability (CVE-2023-2825)

May 29, 2023

Overview: Recently, NSFOCUS CERT found that GitLab had officially issued a security notice fixing an arbitrary file read vulnerability (CVE-2023-2825) in GitLab Community Edition (CE) and Enterprise Edition (EE). When an attachment exists in a public project nested within at least five groups, unauthenticated remote attackers can use the upload function to traverse the path, resulting in reading […]

