Rewterz Threat Advisory – ICS: Hitachi Ops Center Analyzer Vulnerability

May 24, 2023

Rewterz Threat Advisory – CVE-2023-33246 – Apache RocketMQ Vulnerability

May 24, 2023

Rewterz Threat Advisory – CVE-2023-2825 – GitLab Community and Enterprise Edition Vulnerability

May 24, 2023

Severity

High

Analysis Summary

CVE-2023-2825

GitLab Community and Enterprise Edition could allow a remote attacker to traverse directories on the system, caused by improper validation of user request when an attachment exists in a public project nested within at least five groups. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.

Impact

Information Disclosure

Indicators Of Compromise

CVE

CVE-2023-2825

Affected Vendors

GitLab

Affected Products

GitLab Community Edition 16.0.0
GitLab Enterprise Edition 16.0.0

Remediation

Refer to GitLab Web site for patch, upgrade or suggested workaround information.

GitLab Web site

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Bitter APT – Active IOCs

Google Chrome 0-Day Vulnerability Actively Exploited – Immediate Update

Multiple Microsoft Windows Products Zero-Day Vulnerabilities Exploit in the Wild

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Hitachi Ops Center Analyzer Vulnerability

Rewterz Threat Advisory – CVE-2023-33246 – Apache RocketMQ Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.