Private exploit CVE-2024-5655 to Gitlab (Private repositories disclosure)
The repository provides a working variant of the CVE-2024-5655 vulnerability exploit with support for real-time active shell, multithreading, entering targets from a file, and color output.
CVE-2024-5655 is a critical vulnerability in GitLab that allows attackers to execute CI/CD pipelines as any user, under specific conditions. This issue affects various versions of GitLab and has been addressed in the latest updates.
The vulnerability enables unauthorized execution of CI/CD pipelines, potentially leading to remote code execution and other malicious activities.
To run the exploit, use the following command:
python3 cve-2024-5655.py -t https://gitlab-private-repo -c 'cat README.md'
Before running the exploit, please refer to the README.txt file in the repository for detailed instructions.
Various versions of GitLab before the latest security patch.
Download here (securely!)