GitLab 10.4 through 12.8.1 allows directory traversal. A particular endpoint was vulnerable to directory traversal, leading to arbitrary file read.
Recent assessments:
ericalexanderorg at March 16, 2020 3:52pm UTC reported:
Not enough information to accurately assess ATM. Potential to read config file or access files within git repositories. Odds are some of those repositories have secrets that can be used to pivot further.
Assessed Attacker Value: 3
Assessed Attacker Value: 1