Published: 03/11/2016 Updated: 29/11/2016
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions before 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 up to and including 8.13.2, 8.12.0 up to and including 8.12.7, 8.11.0 up to and including 8.11.10, 8.10.0 up to and including 8.10.12, and 8.9.0 up to and including 8.9.11 are affected.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

gitlab gitlab 8.9.1

gitlab gitlab 8.9.8

gitlab gitlab 8.9.10

gitlab gitlab 8.10.5

gitlab gitlab 8.10.7

gitlab gitlab 8.10.12

gitlab gitlab 8.11.1

gitlab gitlab 8.9.11

gitlab gitlab 8.10.0

gitlab gitlab 8.10.1

gitlab gitlab 8.10.2

gitlab gitlab 8.10.3

gitlab gitlab 8.11.3

gitlab gitlab 8.11.4

gitlab gitlab 8.11.5

gitlab gitlab 8.11.6

gitlab gitlab 8.13.2

gitlab gitlab 8.9.0

gitlab gitlab 8.11.8

gitlab gitlab 8.12.0

gitlab gitlab 8.12.7

gitlab gitlab 8.13.1

gitlab gitlab 8.9.3

gitlab gitlab 8.9.4

gitlab gitlab 8.9.5

gitlab gitlab 8.9.6

gitlab gitlab 8.10.8

gitlab gitlab 8.10.9

gitlab gitlab 8.10.10

gitlab gitlab 8.10.11

gitlab gitlab 8.12.1

gitlab gitlab 8.12.2

gitlab gitlab 8.12.3

gitlab gitlab 8.12.4

gitlab gitlab 8.12.5

gitlab gitlab 8.9.2

gitlab gitlab 8.9.7

gitlab gitlab 8.9.9

gitlab gitlab 8.10.4

gitlab gitlab 8.10.6

gitlab gitlab 8.11.0

gitlab gitlab 8.11.2

gitlab gitlab 8.11.7

gitlab gitlab 8.11.9

gitlab gitlab 8.12.6

gitlab gitlab 8.13.0

Vendor Advisories

Debian Bug report logs - #843519 gitlab: CVE-2016-9086 Package: src:gitlab; Maintainer for src:gitlab is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 7 Nov 2016 11:24:01 UTC Severity: grave Tags: security, upstr ...

Github Repositories


红队中易被攻击的一些重点系统漏洞整理 一、OA系统 泛微(Weaver-Ecology-OA) 泛微OA E-cology RCE(CNVD-2019-32204) - 影响版本70/80/81/90 泛微OA WorkflowCenterTreeData接口注入(限oracle数据库) 泛微ecology OA数据库配置信息泄露 泛微OA云桥任意文件读取 - 影响2018-2019 多个版本 泛微 e-cology OA 前台SQL注入漏

Recent Articles

GitLab Patches Command Execution Vulnerability
Threatpost • Chris Brook • 03 Nov 2016

Developers with GitLab this week fixed a critical vulnerability in the open source repository management software that could have led to command execution and allowed an authenticated user to gain access to sensitive application files, tokens, or secrets.
HackerOne cofounder Jobert Abma unearthed the vulnerability last week and reported it to the company through GitLab’s bug bounty program. GitLab addressed the issue (CVE-2016-9086) when it rolled out version 8.13.3 of the software late...