2 matches found
GitLab File Read Remote Code Execution
This module provides remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It combines an arbitrary file read to extract the Rails "secret_key_base", and gains remote code execution with a deserialization vulnerability of a signed 'experimentation_subject_id' cookie tha...
Vulnerabilities fixed in GitLab Community and Enterprise Edition
GitLab has fixed a number of vulnerabilities in GitLab Community Edition and Enterprise Edition. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, execute a cross-site scripting attack, or gain access to sensitive information and/or manipulate it. GitLab has releas...