This content is viewable by Everyone

Weaponized Vulnerability in GitLab CE and EE

GitLab released a security update to address a weaponized vulnerability in GitLab CE and EE. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

For a complete description of the vulnerabilities and affected systems go to CVE-2023-2825 Detail.

IT Security 

Read more about IT Security service offerings.