GitLab has rolled out an emergency update patching a critical path traversal vulnerability. Users should make sure they are running the latest patched release to avoid the risk.
Path Traversal Vulnerability in GitLab
According to a recent security bulletin from GitLab, the service has rolled out another major update to the platform. As described, a critical-severity vulnerability in GitLab could allow a remote, unauthenticated adversary to access files in a public project.
Specifically, the firm described the issue as a path traversal vulnerability allowing arbitrary file read. An attacker may exploit the flaw to “read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.”
GitLab labeled this flaw (CVE-2023-2825) with the maximum severity rating, a CVSS score of 10.0. The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. The firm patched the issue with the release of version 16.0.1 for GitLab CE/EE.
Besides releasing the fix, GitLab credited the security researcher “pwnie” for reporting the bug via their HackerOne bug bounty program.
For now, the service has refrained from sharing further details about the vulnerability, a sensible step given the critical nature of the flaw and the risk to GitLab users if it were exploited in the wild.
Users of the hosted GitLab web service need take no action, as the platform has already been patched. However, the firm urged users running their own GitLab installations, especially version 16.0.0, to update to the patched release as soon as possible.
No workaround exists other than applying the fix. The only mitigating factor is that exploitation requires a particular structure (an attachment in a public project nested within at least five groups), which may not apply to all projects. The vulnerability also does not affect any GitLab CE/EE release before version 16.0.0.
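For administrators triaging exposure, the two conditions above (an affected version and a public project nested at least five groups deep) can be checked against an inventory of projects. The following helper is an added example, not GitLab's own code; it assumes the version string has the shape of GitLab's `/api/v4/version` response and that project records carry the API's `path_with_namespace` and `visibility` fields, and all sample data is constructed.

```python
# Added exposure-triage helper for CVE-2023-2825; not GitLab's own code.
# Assumptions: the version string has the shape returned by GitLab's
# /api/v4/version endpoint, and project records use the real API fields
# `path_with_namespace` and `visibility`. Sample data below is constructed.

AFFECTED_VERSION = (16, 0, 0)   # only 16.0.0 is affected; 16.0.1 carries the fix
MIN_NESTED_GROUPS = 5           # precondition stated in GitLab's advisory

def parse_version(version: str) -> tuple:
    """Turn '16.0.0-ee' or '16.0.1' into a comparable (major, minor, patch) tuple."""
    core = version.split("-")[0]          # drop suffixes such as '-ee'
    parts = [int(p) for p in core.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def version_is_affected(version: str) -> bool:
    """True only for the single affected release, 16.0.0 (CE or EE)."""
    return parse_version(version) == AFFECTED_VERSION

def group_depth(path_with_namespace: str) -> int:
    """Number of groups a project is nested in: 'a/b/c/proj' -> 3 groups."""
    segments = [s for s in path_with_namespace.strip("/").split("/") if s]
    return max(len(segments) - 1, 0)      # last segment is the project itself

def project_matches_precondition(project: dict) -> bool:
    """Public project nested within at least five groups (attachment presence
    is not visible in this metadata, so this over-approximates exposure)."""
    return (project.get("visibility") == "public"
            and group_depth(project["path_with_namespace"]) >= MIN_NESTED_GROUPS)

def exposed_projects(version: str, projects: list) -> list:
    """Paths of projects meeting the structural precondition on an affected instance."""
    if not version_is_affected(version):
        return []
    return [p["path_with_namespace"] for p in projects
            if project_matches_precondition(p)]

# Constructed sample inventory, not real GitLab data.
SAMPLE_PROJECTS = [
    {"path_with_namespace": "corp/infra/cloud/aws/prod/terraform", "visibility": "public"},
    {"path_with_namespace": "corp/infra/cloud/aws/prod/secrets", "visibility": "private"},
    {"path_with_namespace": "corp/infra/tools", "visibility": "public"},
]

if __name__ == "__main__":
    print(exposed_projects("16.0.0-ee", SAMPLE_PROJECTS))  # ['corp/infra/cloud/aws/prod/terraform']
    print(exposed_projects("16.0.1-ee", SAMPLE_PROJECTS))  # []
```

Because project metadata does not reveal whether an attachment exists, the list is an upper bound on exposure; the fix is to upgrade regardless.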
Nonetheless, users should still update their systems immediately to stay safe from potential exploitation.
Let us know your thoughts in the comments.