(Unauthenticated) Directory traversal leads to file read.
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
- GitLab Community Edition 16.0.0
- GitLab Enterprise Edition 16.0.0
Exploitation is unauthenticated if a public project nested within the required number of groups already exists on the instance; otherwise an account with permission to create groups is needed to set one up.