{"uuid": "53fc948e-8678-402a-92ab-db46951cf5de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2825", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/3747", "content": "GitLab recently had a very important update because of a very critical issue rated 10 out of 10\n\nAn issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project\n\nGitLab Critical Security Release: 16.0.1\nhttps://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/\n\nAnd there is already a PoC\n\nCVE-2023-2825 ANALYSIS AND EXPLOIT\nhttps://occamsec.com/exploit-for-cve-2023-2825/", "creation_timestamp": "2023-05-26T10:12:27.000000Z"}