Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-10977

EPSS 4.77% · P90
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-10977

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GitLab 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GitLab是美国GitLab公司的一款使用Ruby on Rails开发的、自托管的、Git(版本控制系统)项目仓库应用程序。该程序可用于查阅项目的文件内容、提交历史、Bug列表等。 GitLab(企业版和社区版)12.9之前版本中存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-10977

#POC DescriptionSource LinkShenlong Link
1Exploit for "GitLab Instance" Arbitrary server file read vulnerabilityhttps://github.com/KooroshRZ/CVE-2020-10977POC Details
2GitLab 12.9.0 Arbitrary File Read https://github.com/thewhiteh4t/cve-2020-10977POC Details
3authenticated arbitrary file read for Gitlab (CVE-2020-10977)https://github.com/JustMichi/CVE-2020-10977.pyPOC Details
4GitLab 12.9 Arbitrary File Readhttps://github.com/JayHerlth/cve-2020-10977POC Details
5A (wanted to be) better script than what can be found on exploit-db about the authenticated arbitrary read file on GitLab v12.9.0 (CVE-2020-10977)https://github.com/erk3/gitlab-12.9.0-file-readPOC Details
6Gitlab v12.4.0-8.1 RCEhttps://github.com/liath/CVE-2020-10977POC Details
7cve-2020-10977 read and executehttps://github.com/lisp3r/cve-2020-10977-read-and-executePOC Details
8GitLab Arbitrary File Read Exploithttps://github.com/vandycknick/gitlab-cve-2020-10977POC Details
9GitLab 12.9 Arbitrary File Readhttps://github.com/possib1e/cve-2020-10977POC Details
10Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/GitLab%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E5%AF%BC%E8%87%B4RCE%20CVE-2020-10977.mdPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-10977

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-04-08 · 88 CVEs total

CVE-2018-21040Samsung移动设备竞争条件问题漏洞
CVE-2018-21079Samsung移动设备 USB gadget driver 安全漏洞
CVE-2018-21080Samsung移动设备安全漏洞
CVE-2018-21078Samsung移动设备安全漏洞
CVE-2018-21044Samsung移动设备缓冲区错误漏洞
CVE-2018-21045Samsung移动设备信息泄露漏洞
CVE-2018-21077Samsung移动设备安全漏洞
CVE-2018-21046Samsung移动设备安全漏洞
CVE-2018-21076Samsung移动设备安全漏洞
CVE-2018-21043Samsung移动设备信息泄露漏洞
CVE-2018-21041Samsung移动设备访问控制错误漏洞
CVE-2018-21039Samsung移动设备安全漏洞
CVE-2018-21038Samsung移动设备授权问题漏洞
CVE-2020-11603Samsung移动设备安全漏洞
CVE-2020-11607Samsung移动设备信息泄露漏洞
CVE-2020-11606Samsung移动设备信息泄露漏洞
CVE-2020-11605Samsung移动设备信息泄露漏洞
CVE-2020-11604Samsung移动设备缓冲区错误漏洞
CVE-2020-11602Samsung移动设备信息泄露漏洞
CVE-2020-11601Samsung移动设备安全漏洞

Showing top 20 of 88 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-10977

No comments yet

Leave a comment