CVE-2023-2825 PoC — GitLab 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-2825.yaml

Associated Vulnerability

Title:GitLab 路径遍历漏洞 (CVE-2023-2825)
Description:GitLab是美国GitLab公司的一个开源的端到端软件开发平台，具有内置的版本控制、问题跟踪、代码审查、CI/CD（持续集成和持续交付）等功能。 GitLab存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。

Description

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups

File Snapshot


 id: CVE-2023-2825

info:
  name: GitLab 16.0.0 - Path Traversal
  author: DhiyaneshDk,rootxharsh,iam

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!