← back
CVE-2023-2825

CVE-2023-2825

CVSS 10 CRITICALEPSS 71.6%CWE-22
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Affected products
GitLab · GitLab
public PoCs found7
githubgithub.com/Occamsec/CVE-2023-2825140githubgithub.com/Groppoxx/CVE-2023-2825-PoC4githubgithub.com/Rubikcuv5/CVE-2023-28250githubgithub.com/cc3305/CVE-2023-28250githubgithub.com/alej6/MassCyberCenter-Mentorship-Project-0githubgithub.com/caopengyan/CVE-2023-28250githubgithub.com/Tornad0007/CVE-2023-2825-Gitlab0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/412371https://hackerone.com/reports/1994725