Web RCE. Gitlab 11.11 - 12.9.0, CVE N/A

[Novel]

PoC: https://0day.today/exploit/34378
Инфо: https://hackerone.com/reports/827052

 

[Bertor]

Authenticated Arbitrary File Read а не RCE

 

[Novel]

Authenticated Arbitrary File Read а не RCE

Эксплоит направлен на чтение файлов, но у уязвимости есть потенциал RCE

 

[rlz]

Other reports from the same bug reporter are interesting as well. The guys been pwning GitLab left and right.