CVE-2023-2825 PoC — GitLab 路径遍历漏洞

Source

https://github.com/cc3305/CVE-2023-2825

Associated Vulnerability

Title:GitLab 路径遍历漏洞 (CVE-2023-2825)
Description:An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

Description

CVE-2023-2825 exploit script

Readme

# CVE-2023-2825

> (Unauthenticated) Directory traversal leads to file read.

## Summary of the CVE

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

## Affected Versions

- Gitlab Gitlab 16.0.0 Community Edition  
- Gitlab Gitlab 16.0.0 Enterprise Edition

## Anomalies

Unauthenticated if there already is a repo with nested groups, otherwise a account with permission to create groups is needed.

## References

- [Github POC - OccamSec, May 25 2023](https://github.com/Occamsec/CVE-2023-2825)
- [Gitlab Report - pwnie, May 20 2023](https://gitlab.com/gitlab-org/gitlab/-/issues/412371)
- [CVE-details - CVSS Score 10.0](https://www.cvedetails.com/cve/CVE-2023-2825)

File Snapshot


 [4.0K]  /data/pocs/4b29794e376836e8dfae1d0e9ad8379ff1af14ac
├── [ 15K]  CVE-2023-2825.py
├── [ 891]  README.md
└── [   9]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!