Warning: GitLab arbitrary file access
Affected software:
GitLab CE/EE v16.0.0
Arbitrary file access
The exploitation of CVE-2023-2825 could expose sensitive data, including proprietary software code, user credentials, tokens, files, and other private information.
The flaw arises from a path traversal problem that allows an unauthenticated remote attacker to read arbitrary files on the server. For this to happen, the following prerequisites must be met:
5-9 Nested Groups
A Public Project
We strongly recommend that all installations running a version affected by the issue described above are upgraded to the latest version (16.0.1) as soon as possible. Note that v16.0.1 was released one day after v16.0.0.