GitLab Issues Emergency Security Patch for Critical Vulnerability

GitLab, a leading provider of DevOps software, has released a crucial security patch to address a critical vulnerability identified in two of its products. Users are strongly advised to apply the patch immediately to ensure the security of their systems.

GitLab’s DevOps software package is widely used by developer teams, boasting around 30 million registered users, including a million paying customers. The company recently discovered a path traversal flaw, tracked as CVE-2023-2825. This vulnerability enables unauthenticated attackers to read arbitrary files on the server under specific conditions. Exploiting this flaw could grant threat actors access to sensitive data, including proprietary software code and user credentials, among other confidential information. Unfortunately, GitLab has not disclosed further details regarding the vulnerability, stating that more information will be provided a month after the patch release.