CVE-2023-2825: Critical bug in GitLab with CVSS score of 10
GitLab, the highly popular web-based DevOps lifecycle tool that provides a Git repository manager, has just issued an urgent security update. The company is deploying version 16.0.1 for GitLab Community Edition (CE) and Enterprise Edition (EE), designed to address a critical security flaw in the earlier version 16.0.0. This vulnerability is known as CVE-2023-2825 and carries a Common Vulnerability Scoring System (CVSS) score of 10, the highest possible, indicative of a severe threat.
What is CVE-2023-2825?
CVE-2023-2825 is a path traversal vulnerability that enables an unauthenticated user to read arbitrary files on the server. Under specific circumstances, namely when an attachment exists in a public project nested within at least five groups, a malicious user can exploit this vulnerability to access sensitive data.
The security vulnerability was discovered and reported through GitLab’s HackerOne bug bounty program by an ethical hacker known as “pwnie”. The GitLab team was swift to respond, issuing a patch with the new update version 16.0.1.
Why You Should Be Concerned
Despite being limited to version 16.0.0 of GitLab CE/EE, the vulnerability holds severe implications. An attacker exploiting this flaw could potentially access and retrieve sensitive data files from the server. This could include proprietary source code, sensitive user data, and crucial configuration details that could be further used for a more substantial system compromise.
Moreover, the flaw doesn’t require any authentication, which increases the likelihood of exploitation by bad actors across the globe.
Immediate Action Required
Given the severity of the vulnerability, the immediate action recommended by GitLab is to upgrade GitLab installations running on version 16.0.0 to the latest release, 16.0.1. This release patches the identified vulnerability, effectively closing the avenue for a potential security breach.
It’s important to note that GitLab installations on versions earlier than 16.0.0 are not affected by this vulnerability. Therefore, users operating on these versions need not worry about this specific vulnerability.
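Upgrading closes the flaw but does not show whether an instance was probed while it ran 16.0.0. The following Python sketch is an added example, not code from GitLab or the researcher: it scans web access log lines for request paths that still contain a ".." segment after percent-decoding, which is the general signature of path traversal rather than this CVE's exact request. The nginx "combined" log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client IP, request target and status from an nginx "combined" style entry
# (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %2F and %252F both end up as '/'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(target):
    """True if the decoded request path contains a '..' path segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    return ".." in path.split("/")

def find_traversal_requests(lines):
    """Return (ip, status, target) for each log line with a traversal path."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and has_traversal(m["target"]):
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits

# Constructed sample lines: documentation IPs, made-up project paths and secret.
SECRET = "0123456789abcdef0123456789abcdef"
SAMPLE_LOG = [
    f'203.0.113.5 - - [24/May/2023:10:00:01 +0000] "GET /grp/proj/uploads/{SECRET}/notes.txt HTTP/1.1" 200 512 "-" "curl/8.0"',
    f'198.51.100.7 - - [24/May/2023:10:00:02 +0000] "GET /grp/proj/uploads/{SECRET}/..%2F..%2Fplaceholder.txt HTTP/1.1" 200 2048 "-" "curl/8.0"',
    f'198.51.100.7 - - [24/May/2023:10:00:03 +0000] "GET /grp/proj/uploads/{SECRET}/..%252F..%252Fplaceholder.txt HTTP/1.1" 404 0 "-" "curl/8.0"',
    '203.0.113.5 - - [24/May/2023:10:00:04 +0000] "GET /grp/proj/-/blob/main/a..b.txt HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, target in find_traversal_requests(SAMPLE_LOG):
        flag = "SERVED" if status == 200 else "rejected"
        print(f"{flag:8} {ip:15} {status} {target}")
```

A hit that was answered with status 200 deserves closer review than one the server rejected, and a file name that merely contains two dots, as in the last sample line, is not flagged.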
In summary, if you’re running GitLab CE/EE version 16.0.0, it’s critical that you upgrade immediately to version 16.0.1. Keep a keen eye on updates from your software providers, ensure your systems are always up to date, and be proactive in identifying and mitigating cyber threats.
Update: On May 25th, the researcher released proof-of-concept exploit code for this flaw.