GitLab strongly recommends patching max severity flaw ASAP
24-May-23
GitLab has released an urgent security update, version 16.0.1, to fix the CVE-2023-2825 path traversal bug, which has a maximum severity rating (CVSS v3.1 score 10.0). A web-based Git repository called GitLab, which has one million paying clients and almost 30 million registered users, is used by developer teams who need to manage their code remotely. pwnie, a security researcher, found the vulnerability that was fixed in the most recent release and reported it through the projects HackOne bug bounty programme. Version 16.0.0 of GitLab Community Edition (CE) and Enterprise Edition (EE) are affected, however earlier versions are unaffected. When an attachment exists in a public location, the weakness results from a path traversal issue that enables an unauthorised attacker to read any files on the server.
