E18-5kyk1
CVSS: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
False Positive: f
Variants: 2
Year: 2018
Description
This strike exploits a directory traversal vulnerability in GitLab.
The GitLab project import component does not properly validate imported files, which allows an attacker to write symbolic links to publicly accessible locations on the server.
By importing a project containing crafted symbolic links, an attacker could read arbitrary files from the file system and further leverage the vulnerability toward code execution.