May 24, 2023
Severity
High
Analysis Summary
CVE-2023-2825
GitLab Community and Enterprise Edition could allow a remote attacker to traverse directories on the system. The flaw is caused by improper validation of user requests when an attachment exists in a public project nested within at least five groups. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
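The following detection example is added here and is not part of the Rewterz advisory or GitLab's own code. It scans constructed web-server access-log lines for path traversal attempts of the kind described above, normalizing percent-encoded and double-encoded variants so that `%2e%2e%2f` is treated the same as `../`, and includes a simple affected-version check based on the versions this advisory lists. The log format, IP addresses and request paths are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the advisory); the request
# paths are illustrative and are not real GitLab upload URLs.
SAMPLE_LOG = """\
10.0.0.5 - - [24/May/2023:10:01:02 +0000] "GET /g1/g2/g3/g4/g5/proj/uploads/abc/readme.md HTTP/1.1" 200 512
10.0.0.9 - - [24/May/2023:10:01:07 +0000] "GET /g1/g2/g3/g4/g5/proj/uploads/abc/../../../../../etc/passwd HTTP/1.1" 200 1024
10.0.0.9 - - [24/May/2023:10:01:09 +0000] "GET /g1/g2/g3/g4/g5/proj/uploads/abc/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 200 1024
10.0.0.7 - - [24/May/2023:10:02:00 +0000] "GET /g1/proj/uploads/abc/notes..txt HTTP/1.1" 200 64
"""

# Common-log-format style line: ip ident user [timestamp] "METHOD path proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)

def normalize_path(path):
    """Percent-decode repeatedly (bounded) so encoded and double-encoded
    dot-dot sequences collapse to '../'; backslashes are treated as slashes."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def has_traversal(path):
    """True only if a whole path segment is '..' after normalization, so a
    filename such as 'notes..txt' is not a false positive."""
    return any(seg == ".." for seg in normalize_path(path).split("/"))

def find_traversal_attempts(log_text):
    """Return (ip, raw_path, status) for every parsed line with a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and has_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits

AFFECTED_VERSIONS = {"16.0.0"}  # versions named in this advisory

def is_affected(version):
    """True if the given GitLab version string is one the advisory lists as affected."""
    return version.strip() in AFFECTED_VERSIONS

if __name__ == "__main__":
    for ip, path, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {path} (status {status})")
```

A status of 200 on a flagged request is the case worth escalating, since it indicates the server served the traversed path rather than rejecting it.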
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-2825
Affected Vendors
GitLab
Affected Products
- GitLab Community Edition 16.0.0
- GitLab Enterprise Edition 16.0.0
Remediation
Refer to the GitLab website for patch, upgrade, or suggested workaround information.