Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in GitLab
Alerts

Critical Vulnerability in GitLab

25 May 2023

GitLab has released security updates to address a critical vulnerability (CVE-2023-2825) affecting GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10. 

Successful exploitation of the path traversal vulnerability could allow an unauthenticated attacker to read arbitrary files on the server, when an attachment exists in a public project nested within at least five groups.

The vulnerability only affects GitLab CE and EE version 16.0.0. Earlier versions are not affected.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/

Back to top