CVE-2023-2825 - OpenCVE

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:16.0.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.0.0::::enterprise:::

No data.

References

Link	Providers
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json
https://gitlab.com/gitlab-org/gitlab/-/issues/412371
https://hackerone.com/reports/1994725

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2023-05-26T00:00:00

Updated: 2024-08-02T06:33:05.812Z

Reserved: 2023-05-20T00:00:00

Link: CVE-2023-2825

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-26T21:15:16.740

Modified: 2023-05-29T03:52:00.857

Link: CVE-2023-2825

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-2825", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2024-08-02T06:33:05.812Z", "dateReserved": "2023-05-20T00:00:00", "datePublished": "2023-05-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-05-26T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "versions": [{"version": "16.0.0", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/412371"}, {"url": "https://hackerone.com/reports/1994725"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json"}], "credits": [{"lang": "en", "value": "Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Improper limitation of a pathname to a restricted directory ('path traversal') in GitLab"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.812Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/412371", "tags": ["x_transferred"]}, {"url": "https://hackerone.com/reports/1994725", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:16.0.0:*:*:*:community:*:*:*", "matchCriteriaId": "55994094-1FD2-45BD-86AC-CE90041EC6BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A58B93FC-628E-4B79-8970-CD5E8CE28EE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups."}], "id": "CVE-2023-2825", "lastModified": "2023-05-29T03:52:00.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.8, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-05-26T21:15:16.740", "references": [{"source": "cve@gitlab.com", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/412371"}, {"source": "cve@gitlab.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1994725"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}