漏洞描述
GitLab是一套利用Ruby on Rails开发的一套开源的可实现自托管的Git(版本控制系统)项目仓库的应用程序。gitlab-shell是其中的一套用于SSH访问和存储库管理的应用程序。 GitLab中使用的gitlab-shell 1.7.4之前版本的repository import功能中存在安全漏洞。远程攻击者可通过导入URL利用该漏洞执行任意命令。
GitLab gitlab-shell Repository Import Feature 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- gitlab-api-user-enum: GitLab - User Information Disclosure Via Open API
- POC CVE-2024-45409: GitLab - SAML Authentication Bypass
- POC CVE-2025-25291: GitLab - SAML Authentication Bypass
- POC CVE-2019-6793: GitLab Enterprise Edition - Server-Side Request Forgery
- POC CVE-2020-2096: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
- POC CVE-2020-26413: Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
- POC CVE-2021-22205: GitLab CE/EE - Remote Code Execution
- POC CVE-2021-22214: Gitlab CE/EE 10.5 - Server-Side Request Forgery
- POC CVE-2021-4191: GitLab GraphQL API User Enumeration
- POC CVE-2022-0735: GitLab CE/EE - Information Disclosure
- POC CVE-2022-1162: GitLab CE/EE - Hard-Coded Credentials
- POC CVE-2022-2185: GitLab CE/EE - Remote Code Execution
- POC CVE-2023-2825: GitLab 16.0.0 - Path Traversal