CTI Flash Briefing:
GitLab releases emergency security update to address Maximum rated security path traversal flaw
Breakdown
GitLab has released an emergency patch, version 16.0.1, for GitLab Community Edition (CE) and Enterprise Edition (EE) 16.0.0 to fix a path traversal flaw rated CVSS 10. At present the flaw does not affect versions older than 16.0.0, but anyone running GitLab CE or EE 16.0.0 needs to patch immediately.
Overview
The mitigating factor at this time is that the vulnerability can only be triggered under specific conditions. Per GitLab’s advisory, “an unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups”. A security researcher reported this issue through GitLab’s HackerOne bug bounty program.
Here are some additional details about the vulnerability:
The flaw arises from a path traversal problem that allows an unauthenticated attacker to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
The exploitation of CVE-2023-2825 could expose sensitive data, including proprietary software code, user credentials, tokens, files, and other private information.
This prerequisite suggests that the issue relates to how GitLab manages or resolves paths for attached files nested within several levels of group hierarchy. However, due to the criticality of the problem and the freshness of its discovery, not many details were disclosed by the vendor this time.
Recommendation
Install the security update immediately. For further technical details, GitLab has released a security bulletin.
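To help confirm exposure before patching, the following Python script (an added example, not GitLab's code and not part of the original briefing) classifies a GitLab instance as affected or not based solely on the scope stated above: only 16.0.0 is affected, 16.0.1 is the fix, and older releases are out of scope. It accepts raw version strings such as those shown by the GitLab version API (`GET /api/v4/version`, which returns a JSON body with a `version` field) or an administrator's own inventory; the hostnames and JSON bodies in the script are constructed sample data, and the `-ee`/`-pre` suffix handling is an assumption about common GitLab version formatting rather than something the advisory specifies.

```python
"""Classify GitLab instances against the CVE-2023-2825 advisory scope.

Added example (not GitLab's code). Scope per the advisory:
  - 16.0.0 is affected
  - 16.0.1 is the fixed release
  - releases older than 16.0.0 are not affected
"""
import json
import re
from typing import Dict, List, Tuple

AFFECTED_VERSION = (16, 0, 0)
FIXED_VERSION = (16, 0, 1)

# GitLab version strings commonly carry an edition/pre-release suffix
# ("16.0.0-ee", "16.0.1-pre"); this is an assumption, and only the numeric
# triple is used for the comparison.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(raw: str) -> Tuple[int, int, int]:
    """Return the (major, minor, patch) triple from a GitLab version string."""
    match = _VERSION_RE.match(raw)
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {raw!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def assess(raw_version: str) -> str:
    """Classify one version string as 'affected', 'fixed', or 'not_affected'.

    Anything numerically equal to 16.0.0 is treated as affected, which is the
    conservative choice for suffixed builds of that release.
    """
    version = parse_version(raw_version)
    if version == AFFECTED_VERSION:
        return "affected"
    if version < AFFECTED_VERSION:
        return "not_affected"          # pre-16.0.0: outside the advisory scope
    return "fixed"                     # 16.0.1 or later


def assess_api_response(body: str) -> str:
    """Classify the JSON body returned by GET /api/v4/version."""
    payload = json.loads(body)
    return assess(payload["version"])


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) rows, affected hosts listed first."""
    rows = [(host, version, assess(version)) for host, version in inventory.items()]
    priority = {"affected": 0, "fixed": 1, "not_affected": 2}
    return sorted(rows, key=lambda row: (priority[row[2]], row[0]))


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are placeholders.
    sample_inventory = {
        "git.example.internal": "16.0.0-ee",
        "git-staging.example.internal": "16.0.1-ee",
        "git-legacy.example.internal": "15.11.8-ee",
    }
    for host, version, status in triage(sample_inventory):
        action = "PATCH TO 16.0.1 NOW" if status == "affected" else "no action per advisory"
        print(f"{host:32} {version:12} {status:13} {action}")

    # Constructed sample of a /api/v4/version response body.
    sample_body = '{"version": "16.0.0", "revision": "PLACEHOLDER_REVISION"}'
    print("API sample:", assess_api_response(sample_body))
```

Run it against your own inventory by replacing the constructed dictionary, or feed each instance's `/api/v4/version` body to `assess_api_response`. The classification deliberately stops at what the advisory states; if GitLab widens the affected range in a later bulletin, update `AFFECTED_VERSION` accordingly rather than relying on this snapshot.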
Conclusion
To our current SOC partnerships, please reach out to our SOC team to learn more about the best steps in researching your exposure to this threat. If you have any questions on this ongoing event or need any level of security assistance, please reach out to Hunter Strategy and we will be happy to discuss next steps in securing your IT systems!
Contact Us
contact@hunterstrategy.net