GitLab 中对限制目录的路径名限制不当 ('Path Traversal')

该路径遍历漏洞允许未经授权的攻击者读取 GitLab 服务器上的敏感文件，甚至可能导致拒绝服务。攻击者可以通过构造恶意的文件路径请求来访问受限资源，绕过正常的访问控制机制。成功利用此漏洞可能导致信息泄露、系统中断以及潜在的进一步攻击。由于 GitLab 广泛应用于代码托管和协作，因此该漏洞的影响范围可能非常广泛，可能影响到大量用户和组织。

Organizations running GitLab CE/EE in production environments, particularly those using versions 16.9 through 16.11.1, are at risk. Shared hosting environments where multiple users share a GitLab instance are also particularly vulnerable, as a compromised user account could potentially be used to exploit the vulnerability and gain access to other users' data or system resources. Legacy GitLab configurations with relaxed file permissions are also at increased risk.

• ruby: Monitor GitLab logs for unusual file access patterns or attempts to access files outside of expected directories. Use grep to search for suspicious path manipulation attempts in access logs. • generic web: Use curl to test for path traversal vulnerabilities by attempting to access files outside of the intended directory structure. Example: curl 'https://gitlab.example.com/../../../../etc/passwd' • linux / server: Examine GitLab's audit logs (if enabled) for suspicious file access events. Use journalctl -f to monitor GitLab's logs in real-time for unusual activity. • database (postgresql): If GitLab's database contains file paths, query the database for any unexpected or unusual file paths that might indicate an attempted exploit.

1. 2024-04-25Disclosure

   disclosure

2. 2024-04-25CISA KEV

   kev

1. 已保留2024-03-13
2. 发布日期2024-04-25
3. 修改日期2025-11-20
4. EPSS 更新日期2026-04-02

最有效的缓解措施是立即将 GitLab 升级至 16.11.1 或更高版本。如果升级不可行，可以考虑实施临时缓解措施，例如限制对敏感文件的访问权限，并加强文件路径验证。此外，可以配置 Web 应用防火墙 (WAF) 以检测和阻止可疑的路径遍历请求。监控 GitLab 日志，查找异常的文件访问模式，有助于及早发现潜在的攻击。