CVE-2023-2825
Published: 26 May 2023
Summary
CVE-2023-2825 is a critical-severity Path Traversal (CWE-22) vulnerability in GitLab CE/EE (vendor: GitLab). Its CVSS base score is 10.0 (Critical).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-2825 is a path traversal vulnerability, tracked as CWE-22, that affects only GitLab Community Edition and Enterprise Edition version 16.0.0. The flaw permits an unauthenticated attacker to read arbitrary files on the server when an attachment is present in a public project nested inside at least five groups, and carries a CVSS 3.1 score of 10.0 reflecting network-exploitable conditions with no required authentication or user interaction.
An unauthenticated malicious user can leverage the issue to access sensitive files stored on the GitLab server, resulting in full compromise of confidentiality and integrity while availability remains unaffected. The attack requires the specific nesting and attachment conditions described in the advisory.
The supplied references consist of GitLab’s official CVE JSON record, the associated issue tracker entry, and a HackerOne report that document the vulnerability and its scope. The EPSS score for this CVE currently stands at 0.9193 with a recorded peak of 0.9307, indicating sustained high exploitation probability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-34276
Vulnerability details
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Validates pathnames and filenames to prevent traversal outside intended directories.