module
GitLab GitHub Repo Import Deserialization RCE
| Disclosed |
|---|
| Oct 6, 2022 |
Disclosed
Oct 6, 2022
Description
An authenticated user can import a repository from GitHub into GitLab.
If a user attempts to import a repo from an attacker-controlled server,
the server will reply with a Redis serialization protocol object in the nested
`default_branch`. GitLab will cache this object and
then deserialize it when trying to load a user session, resulting in RCE.
If a user attempts to import a repo from an attacker-controlled server,
the server will reply with a Redis serialization protocol object in the nested
`default_branch`. GitLab will cache this object and
then deserialize it when trying to load a user session, resulting in RCE.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.