CVE-2023-3385 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

🗓️ 01 Aug 2023 23:35:55Reported by GitLabType

GitLab Path Traversal Vulnerability in Versions 8.10 to 16.2.2

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2023-3385	2 Aug 202307:39	–	circl
CNNVD	GitLab Path Traversal Vulnerability	1 Aug 202300:00	–	cnnvd
CVE	CVE-2023-3385	1 Aug 202323:35	–	cve
Debian CVE	CVE-2023-3385	1 Aug 202323:35	–	debiancve
EUVD	EUVD-2023-44052	3 Oct 202520:07	–	euvd
FreeBSD	Gitlab -- Vulnerabilities	1 Aug 202300:00	–	freebsd
Tenable Nessus	FreeBSD : Gitlab -- Vulnerabilities (fa239535-30f6-11ee-aef9-001b217b3468)	2 Aug 202300:00	–	nessus
Tenable Nessus	GitLab 8.10 < 16.0.8 / 16.1.0 < 16.1.3 / 16.2.0 < 16.2.2 (CVE-2023-3385)	8 Aug 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-3385	27 Aug 202500:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition	3 Aug 202300:00	–	ncsc

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "8.10",
        "status": "affected",
        "lessThan": "16.0.8",
        "versionType": "semver"
      },
      {
        "version": "16.1.0",
        "status": "affected",
        "lessThan": "16.1.3",
        "versionType": "semver"
      },
      {
        "version": "16.2.0",
        "status": "affected",
        "lessThan": "16.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2032730
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/416161

20 Nov 2025 04:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.3

EPSS0.00098

CWE-22