Showing 1 - 25 of 28

Files

Gitlab 13.10.2 Remote Code Execution
Posted Jun 4, 2021
Authored by enox

Gitlab version 13.10.2 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | fdd3bf5424a5516bb5299cd43e4d54baa10324040cc743962df9d063321ddcab

Related Files

Ruby-SAML / GitLab Authentication Bypass
Posted Oct 7, 2024
Authored by Synacktiv | Site github.com

This script exploits the issue noted in CVE-2024-45409 that allows an unauthenticated attacker with access to any signed SAML document issued by the IDP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below or equal to 12.2 and versions 1.13.0 through 1.16.0 do not properly verify the signature of the SAML Response.

tags | exploit, ruby
advisories | CVE-2024-45409
SHA-256 | d08713f2b53b8375bee1c935a8aa40df427334d91a9660f64086fe0c225c0c55
GitLab User Enumeration
Posted Sep 1, 2024
Authored by Ben Campbell | Site metasploit.com

The GitLab internal API is exposed unauthenticated on GitLab. This allows the username for each SSH Key ID number to be retrieved. Users who do not have an SSH Key cannot be enumerated in this fashion. LDAP users, e.g. Active Directory users, will also be returned. This issue was fixed in GitLab v7.5.0 and is present from GitLab v5.0.0.

tags | exploit
SHA-256 | 71630cfcfed3904689a0ba6bbbfad435b4547e989b51038e7a14ced61cb53df9
GitLab GraphQL API User Enumeration
Posted Sep 1, 2024
Authored by jbaines-r7, mungsul | Site metasploit.com

This Metasploit module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users (CVE-2021-4191). The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6.5.

tags | exploit
advisories | CVE-2021-4191
SHA-256 | 37361393f26eabdc1c128ac8137d1d761bdfdcc8e7201453e7e793df6a7c3a27
GitLab Password Reset Account Takeover
Posted Aug 31, 2024
Authored by h00die, asterion04 | Site metasploit.com

This Metasploit module exploits an account takeover vulnerability that allows users to take control of a GitLab account without user interaction. The vulnerability lies in the password reset functionality. It's possible to provide 2 emails and the reset code will be sent to both. It is therefore possible to provide the e-mail address of the target account as well as that of one we control, and to reset the password. 2-factor authentication prevents this vulnerability from being exploitable. There is no discernible difference between a vulnerable and non-vulnerable server response. Vulnerable versions include: 16.1 < 16.1.6, 16.2 < 16.2.9, 16.3 < 16.3.7, 16.4 < 16.4.5, 16.5 < 16.5.6, 16.6 < 16.6.4, and 16.7 < 16.7.2.

tags | exploit
advisories | CVE-2023-7028
SHA-256 | 2a079a5ea68c49929249db07a48797389f6a5b63a1ad6670bced19ea343c8ecf
GitLab Tags RSS Feed Email Disclosure
Posted Aug 31, 2024
Authored by n00bhaxor, erruquill | Site metasploit.com

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It is possible to read the user email address via the tags feed even though its visibility in the user profile has been disabled.

tags | exploit
advisories | CVE-2023-5612
SHA-256 | 62ce2c8280f3e5fc62225b1364f2a471b91cf622a571b2b9ffbd1a00a324ba26
GitLab Authenticated File Read
Posted Aug 31, 2024
Authored by h00die, Vitellozzo, pwnie | Site metasploit.com

GitLab version 16.0 contains a directory traversal for arbitrary file read as the gitlab-www user. This Metasploit module requires authentication for exploitation. In order to use this module, a user must be able to create a project and groups. When exploiting this vulnerability, there is a direct correlation between the traversal depth and the depth of groups the vulnerable project is in. The minimum for this seems to be 5, but up to 11 have also been observed. For example, if the directory traversal needs a depth of 11, a group and 10 nested child groups, each a sub of the previous, will be created (adding up to 11). Visually this looks like: Group1->sub1->sub2->sub3->sub4->sub5->sub6->sub7->sub8->sub9->sub10. If the depth was 5, a group and 4 nested child groups would be created. With all these requirements satisfied, a dummy file is uploaded, and the full traversal is then executed. Cleanup is performed by deleting the first group, which cascades to deleting all other objects created.

tags | exploit, arbitrary
advisories | CVE-2023-2825
SHA-256 | 69b07b1cbc660e9b657d46058136f20875b62aea95d13f5799d7b0fd27caa958
GitLab CE/EE Password Reset
Posted Mar 14, 2024
Authored by Sebastian Kriesten

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

tags | exploit
advisories | CVE-2023-7028
SHA-256 | ecc61996fa0e38b05ac70ce2080679b2eaf36720822b04f8d38867b1d69456b3
GitLab 15.3 Remote Code Execution
Posted Apr 3, 2023
Authored by Antonio Francesco Sardella

GitLab version 15.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-2884
SHA-256 | 6b39aa9dd2e2a7bec60b18975a9f1d8372e350f6d1ff923d82041ba07d234f5c
GitLab GitHub Repo Import Deserialization Remote Code Execution
Posted Feb 15, 2023
Authored by Heyder Andrade, William Bowling, RedWay Security | Site metasploit.com

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.

tags | exploit, remote, code execution, protocol
advisories | CVE-2022-2992
SHA-256 | 01b86153e9b59cbce82f32a07b24098f2267f0bddf0bec3fcf3243c9d0b7d820
Gitlab 14.9 Cross Site Scripting
Posted Apr 26, 2022
Authored by stacksmashing, Greenwolf

Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-1175
SHA-256 | 8cb78a3472e539403d6d39fd3ad3b5fdeb25087820f659a117ceeeb4ad1a58b6
Gitlab 14.9 Authentication Bypass
Posted Apr 26, 2022
Authored by stacksmashing, Greenwolf

Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a bypass vulnerability due to having set a hardcoded password for accounts registered using an OmniAuth provider.

tags | exploit, bypass
advisories | CVE-2022-1162
SHA-256 | b9871a137c86a7af7a3f259af24481816299cde62d5eef695abcb78150bb320f
GitLab 13.10.2 Remote Code Execution
Posted Nov 17, 2021
Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2021-22204, CVE-2021-22205
SHA-256 | a3816f4a73b68abc9aa497e0982428e2bde3d7b0a005094907ca8484d9f39f60
GitLab Unauthenticated Remote ExifTool Command Injection
Posted Nov 4, 2021
Authored by William Bowling, jbaines-r7 | Site metasploit.com

This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.

tags | exploit, file upload
advisories | CVE-2021-22204, CVE-2021-22205
SHA-256 | 674d3772ec48b70f0ba624c93a36ffde9a6d313b18359aa19702fc270257ff56
Gitlab 13.9.3 Remote Code Execution
Posted Jun 3, 2021
Authored by enox

Gitlab version 13.9.3 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | caf8edec9ec8c7e7c6f9952908afef2e43a89a4f0838ce4fa452b92c75110fc9
GitLab Community Edition (CE) 13.10.3 User Enumeration
Posted May 3, 2021
Authored by 4D0niiS

GitLab Community Edition (CE) version 13.10.3 suffers from multiple user enumeration vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 5d420382a54e49ae96ced981f0727ae390e51d108048932dd69d45374578bae6
GitLab 11.4.7 Remote Code Execution
Posted Dec 24, 2020
Authored by Sam Redmond

GitLab version 11.4.7 authenticated remote code execution exploit. Original discovery of this issue attributed to Mohin Paramasivam in December of 2020.

tags | exploit, remote, code execution
advisories | CVE-2018-19571, CVE-2018-19585
SHA-256 | c9c6f0c8706abfa0c67bcf3a71b777f57f857eb79b6d8aa441fb831112e3fa13
GitLab 11.4.7 Remote Code Execution
Posted Dec 16, 2020
Authored by Mohin Paramasivam

GitLab version 11.4.7 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-19571, CVE-2018-19585
SHA-256 | a366323b7d7d1eea7a69c2b0ccda38033cdfe86c919d53827d40042fd3be1f7d
Gitlab 11.4.7 Remote Code Execution
Posted Dec 15, 2020
Authored by Fortunato Lodari

Gitlab version 11.4.7 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 060ec27bc199fb9c231243a34947bcd6f792298a67ae1f4ab3d023368297fe8d
GitLab File Read Remote Code Execution
Posted Dec 10, 2020
Authored by alanfoster, William Bowling | Site metasploit.com

This Metasploit module provides remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It combines an arbitrary file read to extract the Rails secret_key_base, and gains remote code execution with a deserialization vulnerability of a signed experimentation_subject_id cookie that GitLab uses internally for A/B testing. Note that the arbitrary file read exists in GitLab EE/CE 8.5 and later, and was fixed in 12.9.1, 12.8.8, and 12.7.8. However, the RCE only affects versions 12.4.0 and above, when the vulnerable experimentation_subject_id cookie was introduced. Tested on GitLab 12.8.1 and 12.4.0.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2020-10977
SHA-256 | a2fd5f023f224556722696d725ba298281ba4faa6ff9fad55afc78efcb2c8cd0
Gitlab 12.9.0 Arbitrary File Read
Posted Nov 19, 2020
Authored by Jasper Rasenberg

Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.

tags | exploit, arbitrary
SHA-256 | 3fa20aa2a7c614b9b11d6fbc0c9ba54d294469d6ed5ae63e80764789e70be637
GitLab 12.9.0 Arbitrary File Read
Posted May 6, 2020
Authored by KouroshRZ

GitLab version 12.9.0 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary
SHA-256 | 886edf401f7e35b4647cd8d0a4cebece4fd3d286dd2d4f2f8fc58ced4c72a12d
Jenkins Gitlab Hook 1.4.2 Cross Site Scripting
Posted Jan 16, 2020
Authored by Ai Ho

Jenkins Gitlab Hook plugin version 1.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-2096
SHA-256 | 38931217cabd4d17c01cf04d878ac4d8c49d23973f783f5ba2fd442676454822
GitLab Omnibus 12.2.1 Logrotate Privilege Escalation
Posted Oct 5, 2019
Authored by Wolfgang Hotwagner

Gitlab Omnibus versions 7.4 through 12.2.1 suffer from a privilege escalation vulnerability that leverages a race condition in logrotate, resulting in a root shell.

tags | exploit, shell, root
advisories | CVE-2019-15741
SHA-256 | ec5a0ad6e611974c35fee35b42232d35320003024968f9c8ab932cae0dd24449
NPMJS gitlabhook 0.0.17 Remote Command Execution
Posted Sep 25, 2019
Authored by Semen Alexandrovich Lyhin

NPMJS gitlabhook version 0.0.17 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2019-5485
SHA-256 | fc0c7dc65272d0340670454bc0b33b55ca658d8d6e7f4ccd7894b23f4a32858a
Debian Security Advisory 4206-1
Posted May 23, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4206-1 - Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-0920, CVE-2018-8971
SHA-256 | b90e604494b3ffae9f36761ced67f9dddbd660ef359a92d76210c3f564e6c64f