Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2825 PoC — GitLab 路径遍历漏洞

Source
https://github.com/cc3305/CVE-2023-2825
Associated Vulnerability
Title:GitLab 路径遍历漏洞 (CVE-2023-2825)
Description:GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。
Description
CVE-2023-2825 exploit script
Readme
# CVE-2023-2825

> (Unauthenticated) Directory traversal leads to file read.

## Summary of the CVE

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

## Affected Versions

- Gitlab Gitlab 16.0.0 Community Edition  
- Gitlab Gitlab 16.0.0 Enterprise Edition

## Anomalies

Unauthenticated if there already is a repo with nested groups, otherwise a account with permission to create groups is needed.

## References

- [Github POC - OccamSec, May 25 2023](https://github.com/Occamsec/CVE-2023-2825)
- [Gitlab Report - pwnie, May 20 2023](https://gitlab.com/gitlab-org/gitlab/-/issues/412371)
- [CVE-details - CVSS Score 10.0](https://www.cvedetails.com/cve/CVE-2023-2825)
File Snapshot

 [4.0K]  /data/pocs/4b29794e376836e8dfae1d0e9ad8379ff1af14ac
├── [ 15K]  CVE-2023-2825.py
├── [ 891]  README.md
└── [   9]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.