GitLab discloses critical path traversal vulnerability

Target Industry

Indiscriminate, opportunistic targeting.

Overview

GitLab has disclosed a critical path traversal vulnerability, tracked as CVE-2023-2825 (CVSSv3 Score – 10.0).

Impact

Successful exploitation of CVE-2023-2825 could allow an unauthenticated threat actor to read arbitrary files on the target server when an attachment exists in a public project nested within at least five groups. As a result, this could expose sensitive data, including proprietary software code, user credentials, tokens and files.

Affected Products

– GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.0

It should be noted that all previous versions are unaffected.

Containment, Mitigations & Remediations

It is strongly recommended that users apply the relevant security update to patch the flaw. Details can be found within the GitLab update page. This involves upgrading to version 16.0.1. At the time of writing, no workarounds exist.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are currently available.

Threat Landscape

GitLab has a significant portion of the software configuration management market. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, GitLab products could emerge as a prime target. Due to the fact that such software has become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within these systems in an attempt to extract the sensitive information contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Discovery Technique

– T1083 – File and Directory Discovery

Further Information

–GitLab Security Bulletin