Path traversal vulnerability in GitLab CE/EE - CVE-2023-2825 (rpm)
ID: oval:org.secpod.oval:def:90048 | Date: (C)2023-05-30 (M)2023-11-10
Class: VULNERABILITY | Family: unix
The host has GitLab CE/EE 16.0.0 installed and is prone to a path traversal vulnerability. The application fails to properly limit a pathname to a restricted directory. Successful exploitation allows an unauthenticated attacker to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
Product: gitlab-ce | gitlab-ee