This exploit demonstrates an arbitrary file read vulnerability in GitLab 12.9.0 by leveraging the UploadsRewriter when moving an issue. It authenticates, creates a project and issue with a crafted path traversal payload, and moves the issue to trigger the vulnerability.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:GitLab 12.9.0
Auth required
Prerequisites:Valid GitLab credentials · Ability to create projects and issues